
"This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix the problem."

Comments

61 comments

  • Customer

    Can anyone help me out? I'm at wits end trying to fix this bug. Thanks in advance.

     

     

    Dave

    0
  • Customer

    Hi,

     

    Please download the xp_exe_fix.zip archive attached to this message and extract it to your desktop. Double-click fix.vbs and let it run.

     

    Note: This fix is meant to be used in this specific case only. Using it on some other computer or operating system is strictly prohibited and may render your system inoperable.

     

     

    Download DDS and save it to your desktop from here or here or here.

    Disable any script blocker, and then double-click dds.scr to run the tool.

    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.


    Download GMER and save it to your desktop:

    • Extract it to your desktop and double-click GMER.exe
    • Click the Rootkit tab and then Scan.
    • Don't check the Show All box while the scan is in progress!
    • When the scan is finished, click Copy.
    • This copies the log to the clipboard.
    • Post the log in your reply.



    0
  • Customer

    Hi,

     

    Try to use c:\windows\system32\wscript.exe to open the file. Let me know how it goes.

    0
  • Customer

    Blade,

    First of all, thanks for the reply. I DLed the zip file and extracted fix.vbs to the desktop, but when I tried to double click it and run it, the computer tells me that "windows cannot open this file: to open this file, windows needs to know what program created it." It then gives me 2 options. Use the web service to find the appropriate program or select the program from a list. I have no idea what program is used to open up vbs files... Please advise. Thanks.

     

     

    Dave

    0
  • Customer

    When I did that and used windows script host, I got "There is no script engine for file extension ".vbs"

    0
  • Customer

    Hi,

     

    Open "My Computer". Click Tools -> Folder Options -> File Types tab. Is the list empty, or do you have some types listed there?

    0
  • Customer

    When I click on the file types tab, I get a list of registered file types. I didn't see vbs extensions, so I then manually entered VBS as an extension and manually changed the details for vbs using windows script as the program to open vbs extensions. But still the program does not open and I get the same result. Should I be doing something different?

    0
  • Customer

    Hi,

     

    See if you're able to download and run DDS. When it asks for the download location, save it to the root of your C: drive and name it firefox.exe.

    0
  • Customer

    I was able to DL and save the file to the root directory in the C: drive and changed the name to firefox.exe. When I tried to run it, it said: "cmd, this application has failed to start because the application configuration is incorrect", same as before...

    0
  • Customer

    Hi,

     

    Please try the same renaming trick with GMER and see if you can run it.

     


    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop as firefox.exe.
    • Double-click on the renamed file to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized; if not, you'll find it in the c:\rsit folder).

    Also, please see if you can find a folder with nothing but digits in its name (e.g. 4298219) in the C:\Documents and Settings\All Users\Application Data folder. If you find such a folder, move it to your desktop.

    0
  • Customer

    It's hidden by default.

     

    Show hidden files

    -----------------

    * Click Start.

    * Open My Computer.

    * Select the Tools menu and click Folder Options.

    * Select the View Tab.

    * Under the Hidden files and folders heading select Show hidden files and folders.

    * Uncheck the Hide protected operating system files (recommended) option.

    * Click Yes to confirm.

    * Click OK.

    0
  • Customer

    I DLed and saved both the GMER and RSIT files, but could not run either one. Same error as with all the other exe files.

     

    I also looked in C:\Documents and Settings\All Users\, but I do not have an application data folder? Could my XP be totally wacked?

     

    This is truly frustrating...

    0
  • Customer


    • Download OTL (name it dave.com while selecting the destination location) to your desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.





    0
  • Customer

    OK, accessed the hidden files, but there isn't a file folder with just pure digits. Actually, there isn't a folder with a single number in it...

     

    Now what?

    0
  • Customer

    DLed and renamed OTL, but I cannot run the program. Every time I try to run an exe program, the message comes up regardless of what I name it. DLing and renaming is not a problem; it's when I go to launch the program. There has to be something else.

     

     

    Dave

    0
  • Customer

    OK, I changed the name after the DL. That's where I went wrong. But I have another problem. I'm using FF and there's a DL manager that pops up and it automatically saves the file for me without asking for a name or where to save it to. Where can I change this option so that I can DL and save the file as something else?

     

     

    Dave

    0
  • Customer

    DLed and renamed OTL, but I cannot run the program.

    Did you download it first before changing the name? It has to be renamed before it's saved to your hard drive. Use the name svchost.exe and place the file in your C: root (c:\).

     

    After that, here are the steps to follow (print/save these and the OTL-related instructions listed above, since you won't be able to access them while in safe mode):

    Press F8 before Windows' loading screen and select the Safe Mode with Command Prompt option.

    Then type the following commands (I assume you have OTL with the name svchost.exe in c:\):

    • c:
    • cd\
    • svchost.exe



    0
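    Two things in this exchange come down to what HKEY_CLASSES_ROOT says about each extension: the "There is no script engine for file extension .vbs" error (the .vbs -> VBSFile -> ScriptEngine chain is broken or missing), and the rename trick (a file saved as .com or .scr is launched through the comfile/scrfile association rather than exefile, and a different file name sidesteps anything that blocks by name). The script below is an added example, not a tool from this thread or from the OTL/DDS authors. It compares the .exe/.com/.scr/.vbs associations against the stock XP values (an assumed baseline; confirm them on a known-clean machine of the same build) either from a `reg export` file or, on Windows, from the live registry. The sample export and the `hijack_example.exe` path in it are constructed to show a replaced exefile handler and a missing VBSFile\ScriptEngine key.

```python
import re

# Stock Windows XP defaults for the associations the thread touches.
# Assumed baseline: verify against a known-clean machine of the same build.
EXPECTED = {
    r".exe": "exefile",
    r"exefile\shell\open\command": r'"%1" %*',
    r".com": "comfile",
    r"comfile\shell\open\command": r'"%1" %*',
    r".scr": "scrfile",
    r"scrfile\shell\open\command": r'"%1" /S',
    r".vbs": "VBSFile",
    r"VBSFile\ScriptEngine": "VBScript",
    r"VBSFile\shell\open\command": r'"%SystemRoot%\System32\WScript.exe" "%1" %*',
}

# Constructed sample of a `reg export` on a machine whose exefile handler was
# replaced (hijack_example.exe is a made-up name) and whose VBSFile\ScriptEngine
# key is gone. REG_EXPAND_SZ values are written as plain strings here; a real
# export shows them as hex(2):..., which this parser does not decode.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\hijack_example.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\.com]
@="comfile"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.scr]
@="scrfile"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\.vbs]
@="VBSFile"

[HKEY_CLASSES_ROOT\VBSFile\shell\open\command]
@="\"%SystemRoot%\\System32\\WScript.exe\" \"%1\" %*"
"""


def parse_reg_export(text):
    """Map 'key path under HKCR' -> default value (plain REG_SZ entries only)."""
    values = {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^\[HKEY_CLASSES_ROOT\\(.+)\]$", line)
        if m:
            key = m.group(1)
            continue
        m = re.match(r'^@="(.*)"$', line)
        if m and key:
            # .reg files escape backslash and double quote with a backslash
            values[key] = re.sub(r'\\(["\\])', r"\1", m.group(1))
    return values


def read_live_registry():
    """Read the same keys from the live registry; Windows only."""
    import winreg  # assumption: run on the affected machine with Python for Windows
    found = {}
    for key in EXPECTED:
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, key) as handle:
                found[key] = winreg.QueryValueEx(handle, "")[0]
        except OSError:
            pass  # missing key: audit() reports it as None
    return found


def audit(found):
    """List (key, expected, actual) for each association that is missing or altered."""
    problems = []
    for key, expected in EXPECTED.items():
        actual = found.get(key)
        if actual is None or actual.strip().lower() != expected.lower():
            problems.append((key, expected, actual))
    return problems


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python assoc_check.py assoc.reg
        with open(sys.argv[1], encoding="utf-16") as fh:  # reg export writes UTF-16
            found = parse_reg_export(fh.read())
    elif sys.platform == "win32":
        found = read_live_registry()
    else:
        found = parse_reg_export(SAMPLE_REG)
    for key, expected, actual in audit(found):
        print(f"{key}: expected {expected!r}, found {actual!r}")
```

    On the sample it reports the altered exefile command and the absent VBSFile\ScriptEngine key; a clean .com and .scr association is exactly what makes the rename trick work while .exe is broken. An intact exefile entry does not by itself rule out the "application configuration is incorrect" error, which has other causes, but it takes one suspect off the list.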
  • Customer

    Go to Tools. In the Downloads section of the Main tab there's an option "Always ask me where to save files". Have it enabled.

    0
  • Customer

    Blade,

    I followed your instructions and was able to run OTL, but after the scan completed I did not get OTL.txt and extras.txt files that you had mentioned. The program ran fine and when it finished there was a message at the bottom saying "scan completed". Is there something else I need to do to get the files? BTW, this was all done in windows and not safe mode. I was not able to boot into safe mode.

    0
  • Customer

    Blade,

    Nevermind my previous reply. I found the OTL and extras files from the OTL output on my desktop. I had to clean a few things up before I could see it. I will post the results in the next post for you to see. Thanks.

     

     

    Dave

    0
  • Customer

    OTL logfile created on: 8/19/2009 11:19:54 AM - Run 2

    OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\david wang\Desktop

    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 6.0.2900.2180)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     

    502.80 Mb Total Physical Memory | 208.18 Mb Available Physical Memory | 41.40% Memory free

    1.20 Gb Paging File | 1.03 Gb Available in Paging File | 85.88% Paging File free

    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 18.62 Gb Total Space | 7.17 Gb Free Space | 38.52% Space Free | Partition Type: NTFS

    D: Drive not present or media not loaded

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

     

    Computer Name: DAVID

    Current User Name: david wang

    Logged in as Administrator.

     

    Current Boot Mode: Normal

    Scan Mode: Current user

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Minimal

     

    ========== Processes (SafeList) ==========

     

    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    PRC - C:\Documents and Settings\david wang\Desktop\dave.com.exe (OldTimer Tools)

     

    ========== Win32 Services (SafeList) ==========

     

    SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)

    SRV - (browserctl [Auto | Stopped]) -- C:\Program Files\BrowserCtl\BrowserCtl.dll ()

    SRV - (EvtEng [Auto | Stopped]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

    SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

    SRV - (RegSrvc [Auto | Stopped]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

    SRV - (S24EventMonitor [Auto | Stopped]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

    SRV - (sys [Auto | Stopped]) -- C:\Program Files\sys\sys.dll ()

    SRV - (UMWdf [Auto | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

    SRV - (Viewpoint Manager Service [Auto | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

     

    ========== Driver Services (SafeList) ==========

     

    DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)

    DRV - (AegisP [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)

    DRV - (browserctldrv [system | Running]) -- C:\Program Files\BrowserCtl\BrowserCtl.sys (BrowserCtl)

    DRV - (FTD2XX [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\VAGUSB.sys (FTDI Ltd.)

    DRV - (giveio [boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()

    DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)

    DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)

    DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)

    DRV - (mdmxsdk [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)

    DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ATKACPI.sys ()

    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

    DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

    DRV - (rmedia [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\rmedia.sys (REDC)

    DRV - (RT-USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\RT-USB.sys (Ross-Tech, LLC)

    DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)

    DRV - (s24trans [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation)

    DRV - (SASDIFSV [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

    DRV - (SASKUTIL [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)

    DRV - (speedfan [boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)

    DRV - (sysdrv [system | Running]) -- C:\Program Files\sys\sys.sys (sys)

    DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

    DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys (Microsoft Corporation)

    DRV - (VAGUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\VAGUSB.sys (FTDI Ltd.)

    DRV - (w22n51 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\w22n51.sys (Intel® Corporation)

    DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys (Intel® Corporation)

    DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

    DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)

    DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)

     

    ========== Standard Registry (SafeList) ==========

     

     

    ========== Internet Explorer ==========

     

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

     

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

    IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    ========== FireFox ==========

     

    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"

    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q="

    FF - prefs.js..browser.search.order.1: "Fast Browser Search"

    FF - prefs.js..browser.search.selectedEngine: "Google"

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?p=1151392084"

    FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.0.9

    FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20081203

    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

    FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={E113B85B-DB91-D189-5821-5BE04612C681}&q="

     

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/10 23:32:08 | 00,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/10 23:32:08 | 00,000,000 | ---D | M]

     

    [2008/08/14 22:47:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Extensions

    [2008/08/14 22:47:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

    [2009/08/18 14:10:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Firefox\Profiles\1387k14y.default\extensions

    [2009/02/02 12:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Firefox\Profiles\1387k14y.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

    [2009/03/28 19:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Firefox\Profiles\1387k14y.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}

    [2006/09/15 10:35:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Firefox\Profiles\1387k14y.default\extensions\videodowloader@videodownloader.net

    [2008/08/14 22:47:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

    [2009/08/10 23:32:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    [2009/08/10 23:31:59 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

    [2009/08/10 23:31:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

    [2008/12/04 09:14:08 | 00,211,456 | ---- | M] () -- C:\Program Files\mozilla firefox\components\srff.dll

    [2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

    [2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll

    [2007/02/23 00:25:15 | 00,700,416 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll

    [2007/02/23 18:51:35 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll

    [2006/09/15 12:10:21 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll

    [2009/08/10 23:32:00 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

    [2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL

    [2006/12/18 05:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

    [2007/05/17 10:10:35 | 00,144,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

    [2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

    [2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

    [2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

    [2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

    [2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

    [2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

    [2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

    [2007/05/17 10:10:49 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll

    [2007/05/17 10:10:34 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

    [2009/03/06 09:53:13 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

    [2009/03/06 09:53:13 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

    [2009/03/06 09:53:13 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

    [2009/03/06 09:53:13 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

    [2009/03/28 19:54:36 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png

    [2009/03/28 19:54:36 | 00,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml

    [2009/03/06 09:53:13 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

    [2009/03/06 09:53:13 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

    [2009/03/06 09:53:13 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

     

    O1 HOSTS File: (143 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O1 - Hosts: 209.44.111.62 antispy.microsoft.com

    O1 - Hosts: 209.44.111.62 antiaware-pro.com

    O1 - Hosts: 209.44.111.62 www.antiaware-pro.com

    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll (Viewpoint Corporation)

    O2 - BHO: (ICQSys (IE PlugIn)) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\System32\dddesot.dll (ASC - AntiSpyware)

    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

    O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll (Viewpoint Corporation)

    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

    O4 - HKLM..\Run: [KernelFaultCheck] File not found

    O4 - HKLM..\Run: [pp] C:\windows\pp10.exe ()

    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

    O4 - HKLM..\Run: [sysfbtray] c:\windows\freddy57.exe ()

    O4 - HKLM..\Run: [sysldtray] C:\windows\ld11.exe ()

    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

    O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found

    O4 - HKCU..\Run: [GetModule36] C:\Program Files\GetModule\GetModule36.exe File not found

    O4 - HKCU..\Run: [GetPack28] C:\Program Files\GetPack\GetPack28.exe File not found

    O4 - HKCU..\Run: [ikrk] C:\PROGRA~1\COMMON~1\ikrk\ikrkm.exe File not found

    O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

    O4 - HKCU..\Run: [Twain] C:\Documents and Settings\david wang\Application Data\Twain\Twain.exe File not found

    O4 - HKCU..\Run: [VnrPack22] C:\Program Files\VnrPack\VnrPack22.exe File not found

    O4 - HKCU..\Run: [VnrPack23] C:\Program Files\VnrPack\VnrPack23.exe File not found

    O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

    O4 - Startup: C:\Documents and Settings\david wang\Start Menu\Programs\Startup\RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.exe (Ross-Tech, LLC)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1

    O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2006/09/22 19:24:11 | 00,000,000 | ---D | M]

    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

    O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2006/09/22 19:24:11 | 00,000,000 | ---D | M]

    O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2006/09/22 19:24:11 | 00,000,000 | ---D | M]

    O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2006/09/22 19:24:11 | 00,000,000 | ---D | M]

    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)

    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

    O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

    O13 - ftp Prefix: missing

    O13 - gopher Prefix: missing

    O13 - home Prefix: missing

    O13 - mosaic Prefix: missing

    O13 - www Prefix: missing

    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

    O16 - DPF: {3234504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/a/0...5ce/mpg4dmo.CAB (Reg Error: Key error.)

    O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB (Reg Error: Key error.)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.203 85.255.112.217

    O18 - Protocol\Handler\httpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\httpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp - No CLSID value found

    O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

    O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - AppInit_DLLs: (lrmgig.dll) - File not found

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

    O24 - Desktop Components:0 (My Current Home Page) - About:Home

    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

    O29 - HKLM SecurityProviders - (digeste.dll) - File not found

    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxyxurQg) - File not found

    O31 - SafeBoot: AlternateShell - cmd.exe

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2006/06/23 19:30:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck) - File not found

    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

    O34 - HKLM BootExecute: (*) - File not found

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [3 C:\WINDOWS\System32\*.tmp files]

    [4 C:\WINDOWS\*.tmp files]

    [2009/08/19 11:10:04 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\david wang\Desktop\dave.com.exe

    [2009/08/19 11:08:47 | 00,359,932 | ---- | C] () -- C:\firefox.exe.scr

    [2009/08/19 11:06:55 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\dds.scr

    [2009/08/19 11:01:19 | 02,585,872 | ---- | C] (Microsoft Corporation) -- C:\WindowsInstaller-KB893803-v2-x86.exe

    [2009/08/18 14:01:19 | 00,000,473 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\Shortcut to firefox.lnk

    [2009/08/12 12:40:05 | 00,279,461 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\gmer.zip

    [2009/08/12 12:16:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

    [2009/08/12 09:29:04 | 00,002,922 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\fix.vbs

    [2009/08/12 09:28:24 | 00,001,085 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\xp_exe_fix.zip

    [2009/08/11 16:05:11 | 00,817,664 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\david wang\Desktop\depends.exe

    [2009/08/11 15:58:19 | 01,821,192 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\david wang\Desktop\vcredist_x86.exe

    [2009/08/11 15:47:27 | 00,959,573 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\EFRCSetup.exe

    [2009/08/10 23:59:26 | 00,008,550 | ---- | C] () -- C:\WINDOWS\System32\wispex.html

    [2009/08/10 23:59:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images

    [2009/08/10 23:58:23 | 00,000,064 | ---- | C] () -- C:\WINDOWS\ppp4.dat

    [2009/08/10 23:58:23 | 00,000,001 | ---- | C] () -- C:\WINDOWS\ppp3.dat

    [2009/08/10 23:58:19 | 00,827,392 | ---- | C] (ASC - AntiSpyware) -- C:\WINDOWS\System32\dddesot.dll

    [2009/08/10 23:58:19 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\bennuar.old

    [2009/08/10 23:58:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\desot.exe

    [2009/08/10 23:58:18 | 00,000,093 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm

    [2009/08/10 23:58:18 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat

    [2009/08/10 23:57:56 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Antivirus Pro

    [2009/08/10 23:33:05 | 00,000,000 | ---D | C] -- C:\Program Files\BrowserCtl

    [2009/08/10 23:32:55 | 00,000,002 | ---- | C] () -- C:\WINDOWS10112010146120114.dat

    [2009/08/10 23:31:44 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\th823567.dat

    [2009/08/10 23:31:43 | 00,030,208 | ---- | C] () -- C:\WINDOWS\freddy57.exe

    [2008/12/03 01:50:02 | 00,865,158 | -HS- | C] () -- C:\WINDOWS\System32\gQruxyxx.ini2

    [2008/12/03 01:49:59 | 00,865,158 | -HS- | C] () -- C:\WINDOWS\System32\gQruxyxx.ini

    [2007/01/18 11:28:57 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

    [2007/01/18 11:28:57 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

    [2007/01/12 21:08:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

    [2006/12/12 12:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

    [2006/07/25 13:32:11 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\auc4.ini

    [2006/06/27 00:55:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

    [2006/06/26 19:18:11 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS.SYS

    [2006/06/23 19:52:40 | 00,005,786 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys

    [2006/06/23 19:48:43 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS

    [2004/08/04 08:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

    [2004/08/04 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

    [2004/08/04 08:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini

    [2004/08/04 08:00:00 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini

    [2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    [1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

     

    ========== Files - Modified Within 30 Days ==========

     

    [3 C:\WINDOWS\System32\*.tmp files]

    [4 C:\WINDOWS\*.tmp files]

    [2009/08/19 11:09:39 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\david wang\Desktop\dave.com.exe

    [2009/08/19 11:07:38 | 00,359,932 | ---- | M] () -- C:\firefox.exe.scr

    [2009/08/19 11:06:36 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\dds.scr

    [2009/08/19 11:01:14 | 02,585,872 | ---- | M] (Microsoft Corporation) -- C:\WindowsInstaller-KB893803-v2-x86.exe

    [2009/08/18 14:01:19 | 00,000,473 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\Shortcut to firefox.lnk

    [2009/08/18 13:59:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2009/08/18 13:59:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2009/08/12 15:49:08 | 00,002,922 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\fix.vbs

    [2009/08/12 12:39:57 | 00,279,461 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\gmer.zip

    [2009/08/12 09:28:01 | 00,001,085 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\xp_exe_fix.zip

    [2009/08/11 15:58:18 | 01,821,192 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\david wang\Desktop\vcredist_x86.exe

    [2009/08/11 15:47:31 | 00,959,573 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\EFRCSetup.exe

    [2009/08/11 09:54:34 | 11,570,426 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\I Gotta Feeling - Black Eyed Peas.mp3

    [2009/08/11 00:03:52 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\desot.exe

    [2009/08/11 00:03:50 | 00,000,064 | ---- | M] () -- C:\WINDOWS\ppp4.dat

    [2009/08/11 00:03:50 | 00,000,001 | ---- | M] () -- C:\WINDOWS\ppp3.dat

    [2009/08/11 00:03:25 | 00,827,392 | ---- | M] (ASC - AntiSpyware) -- C:\WINDOWS\System32\dddesot.dll

    [2009/08/10 23:58:19 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\bennuar.old

    [2009/08/10 23:58:18 | 00,000,093 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm

    [2009/08/10 23:58:18 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat

    [2009/08/10 23:32:55 | 00,000,002 | ---- | M] () -- C:\WINDOWS10112010146120114.dat

    [2009/08/10 23:31:44 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\th823567.dat

    [2009/08/10 23:31:43 | 00,030,208 | ---- | M] () -- C:\WINDOWS\freddy57.exe

     

    ========== LOP Check ==========

     

    [2008/10/28 12:22:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

    [2006/06/27 23:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink

    [2006/07/07 00:34:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel

    [2008/10/28 12:19:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

    [2006/10/04 00:49:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

    [2009/02/02 12:06:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\david wang\Application Data

    [2006/06/27 11:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Aim

    [2006/06/28 21:26:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Downloaded Installations

    [2009/02/02 11:03:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\GetModule

    [2006/07/07 00:35:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Intel

    [2009/02/02 12:06:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Twain

    [2008/09/23 19:31:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\uTorrent

    [2007/01/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Viewpoint

     

    ========== Purity Check ==========

     

     

     

    ========== Alternate Data Streams ==========

     

    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >

    0
  • Customer

    OTL Extras logfile created on: 8/19/2009 11:11:56 AM - Run 1

    OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\david wang\Desktop

    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 6.0.2900.2180)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     

    502.80 Mb Total Physical Memory | 233.45 Mb Available Physical Memory | 46.43% Memory free

    1.20 Gb Paging File | 1.05 Gb Available in Paging File | 87.40% Paging File free

    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 18.62 Gb Total Space | 7.17 Gb Free Space | 38.52% Space Free | Partition Type: NTFS

    D: Drive not present or media not loaded

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

     

    Computer Name: DAVID

    Current User Name: david wang

    Logged in as Administrator.

     

    Current Boot Mode: Normal

    Scan Mode: Current user

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Minimal

     

    ========== Extra Registry (SafeList) ==========

     

     

    ========== File Associations ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .exe [@ = exefile] -- C:\WINDOWS\System32\desot.exe ()

    .hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    .js [@ = jsfile] -- Reg Error: Key error. File not found

    .jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

    .vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

    .vbs [@ = ft000002] -- Reg Error: Key error. File not found

    .wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

    .wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

     

    ========== Security Center Settings ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "FirstRunDisabled" = 1

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

     

    ========== Authorized Applications List ==========

     

     

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

    "{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update

    "{5E86E9C0-3FE1-44C4-BE6D-2D88493E812C}" = Videosoft H.264 Decoder 2.2 BETA

    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

    "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9

    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

    "{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU

    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

    "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime

    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

    "6D07236E1D2F8479C88537ED0B7EB5D15ABBF7D5" = Windows Driver Package - Ross-Tech USB Driver Package (11/16/2007 6.0.2.0)

    "AC3Filter" = AC3Filter (remove only)

    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

    "Adobe Shockwave Player" = Adobe Shockwave Player 11

    "AOL Instant Messenger" = AOL Instant Messenger

    "CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_18261043" = SoftV92 Data Fax Modem with SmartCP

    "DivX Content Uploader" = DivX Content Uploader

    "DVD Shrink_is1" = DVD Shrink 3.2

    "eMule" = eMule

    "FLVPlayer" = FLV Player 1.3.3

    "GSpot" = GSpot Codec Information Appliance

    "Hcontrol" = ATK0100 ACPI UTILITY

    "meGUI modern media encoder" = meGUI modern media encoder (remove only)

    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

    "Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)

    "Official Factory Repair Manual Audi 100, A6 1992-1997" = Official Factory Repair Manual Audi 100, A6 1992-1997

    "Panerai" = Panerai

    "ProInst" = Intel® PROSet/Wireless Software

    "RealPlayer 6.0" = RealPlayer

    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX

    "SpeedFan" = SpeedFan (remove only)

    "tournamentgames_3.exe" = Tournament Games (remove only)

    "uTorrent" = µTorrent

    "VCDS Release 805" = VCDS Release 805.1

    "Viewpoint Manager" = Viewpoint Manager (Remove Only)

    "Viewpoint Toolbar" = Viewpoint Toolbar

    "ViewpointMediaPlayer" = Viewpoint Media Player

    "Win Antivirus Pro" = Windows Antivirus Pro

    "Windows Media Format Runtime" = Windows Media Format Runtime

    "Windows Media Player" = Windows Media Player 10

    "WinRAR archiver" = WinRAR archiver

    "Xvid_is1" = Xvid 1.1.2 final uninstall

    "Yahoo! Companion" = Yahoo! Toolbar

    "Yahoo! Customizations" = Yahoo! Browser Services

    "Yahoo! Internet Mail" = Yahoo! Internet Mail

    "Yahoo! Messenger" = Yahoo! Messenger

    "Yahoo! Toolbar" = Yahoo! Toolbar

    "YInstHelper" = Yahoo! Install Manager

     

    ========== HKEY_CURRENT_USER Uninstall List ==========

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "ESPN Java Check" = ESPN Java Check

    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

     

    ========== Last 10 Event Log Errors ==========

     

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

     

    < End of report >

    0
  • Customer

    Blade,

    Thanks for your help. Whatever Combofix was, it did the trick. Laptop is back to normal... Should I keep the Combofix application to run for future use or is it a one time fix application only applicable this time?

     

    BTW, when I was stuck with OTL (when it wouldn't run), I searched further on the web looking for anything similar to fix the issue. I found and DLed vcredist_x86. It allowed me to run any new DLed exe applications. I don't know what it was, but it allowed me to run OTL.

    0
  • Customer

    Hi again,

     

    Good to see you made OTL run.

     

     

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

     

    Download ComboFix from any of the links below. You must rename it before saving it (use the name sVCHost.exe). Save it to your desktop.

     

    Link 1

    Link 2

    Link 3

     

     

     

    --------------------------------------------------------------------

     

    • Double-click on sVCHost.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt so we can continue cleaning the system.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    0
  • Customer

    Combofix text file:

     

    ComboFix 09-08-18.04 - david wang 08/19/2009 12:02.1.1 - NTFSx86

    Running from: c:\documents and settings\david wang\Desktop\ComboFix.exe

    Command switches used :: file:///C:/Documents%20and%20Settings/david%20wang/Desktop/sVCHost.exe

    * Created a new restore point

    framedyn.dll is missing

    .

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    c:\documents and settings\david wang\Application Data\GetModule

    c:\documents and settings\david wang\Application Data\GetModule\dicik.gz

    c:\documents and settings\david wang\Application Data\GetModule\kwdik.gz

    c:\documents and settings\david wang\Application Data\GetModule\ofadik.gz

    c:\documents and settings\NetworkService\Application Data\NetMon

    c:\documents and settings\NetworkService\Application Data\NetMon\domains.txt

    c:\documents and settings\NetworkService\Application Data\NetMon\log.txt

    c:\program files\BrowserCtl

    c:\program files\BrowserCtl\BrowserCtl.dll

    c:\program files\BrowserCtl\BrowserCtl.sys

    c:\program files\Mozilla Firefox\components\srff.dll

    c:\program files\sys

    c:\program files\sys\sys.dll

    c:\program files\sys\sys.sys

    c:\program files\Windows Antivirus Pro

    c:\program files\Windows Antivirus Pro\msvcm80.dll

    c:\program files\Windows Antivirus Pro\msvcp80.dll

    c:\program files\Windows Antivirus Pro\msvcr80.dll

    c:\program files\Windows Antivirus Pro\tmp\dbsinit.exe

    c:\program files\Windows Antivirus Pro\tmp\images\i1.gif

    c:\program files\Windows Antivirus Pro\tmp\images\i2.gif

    c:\program files\Windows Antivirus Pro\tmp\images\i3.gif

    c:\program files\Windows Antivirus Pro\tmp\images\j1.gif

    c:\program files\Windows Antivirus Pro\tmp\images\j2.gif

    c:\program files\Windows Antivirus Pro\tmp\images\j3.gif

    c:\program files\Windows Antivirus Pro\tmp\images\jj1.gif

    c:\program files\Windows Antivirus Pro\tmp\images\jj2.gif

    c:\program files\Windows Antivirus Pro\tmp\images\jj3.gif

    c:\program files\Windows Antivirus Pro\tmp\images\l1.gif

    c:\program files\Windows Antivirus Pro\tmp\images\l2.gif

    c:\program files\Windows Antivirus Pro\tmp\images\l3.gif

    c:\program files\Windows Antivirus Pro\tmp\images\pix.gif

    c:\program files\Windows Antivirus Pro\tmp\images\t1.gif

    c:\program files\Windows Antivirus Pro\tmp\images\t2.gif

    c:\program files\Windows Antivirus Pro\tmp\images\up1.gif

    c:\program files\Windows Antivirus Pro\tmp\images\up2.gif

    c:\program files\Windows Antivirus Pro\tmp\images\w1.gif

    c:\program files\Windows Antivirus Pro\tmp\images\w11.gif

    c:\program files\Windows Antivirus Pro\tmp\images\w2.gif

    c:\program files\Windows Antivirus Pro\tmp\images\w3.gif

    c:\program files\Windows Antivirus Pro\tmp\images\w3.jpg

    c:\program files\Windows Antivirus Pro\tmp\images\wt1.gif

    c:\program files\Windows Antivirus Pro\tmp\images\wt2.gif

    c:\program files\Windows Antivirus Pro\tmp\images\wt3.gif

    c:\program files\Windows Antivirus Pro\tmp\wispex.html

    c:\program files\Windows Antivirus Pro\Windows Antivirus Pro.exe

    c:\windows10112010146118114.dat

    c:\windows10112010146120114.dat

    c:\windows101120101464849.dat

    c:\windows101120101465752.dat

    c:\windows\934fdfg34fgjf23

    c:\windows\bf23567.dat

    c:\windows\freddy49.exe

    c:\windows\freddy57.exe

    c:\windows\ld11.exe

    c:\windows\pp10.exe

    c:\windows\ppp3.dat

    c:\windows\ppp4.dat

    c:\windows\son_1248102413.exe

    c:\windows\strt_1246452705.exe

    c:\windows\system32121mixed.bin

    c:\windows\system32\bennuar.old

    c:\windows\system32\dddesot.dll

    c:\windows\system32\desot.exe

    c:\windows\system32\gQruxyxx.ini

    c:\windows\system32\gQruxyxx.ini2

    c:\windows\system32\images

    c:\windows\system32\images\i1.gif

    c:\windows\system32\images\i2.gif

    c:\windows\system32\images\i3.gif

    c:\windows\system32\images\j1.gif

    c:\windows\system32\images\j2.gif

    c:\windows\system32\images\j3.gif

    c:\windows\system32\images\jj1.gif

    c:\windows\system32\images\jj2.gif

    c:\windows\system32\images\jj3.gif

    c:\windows\system32\images\l1.gif

    c:\windows\system32\images\l2.gif

    c:\windows\system32\images\l3.gif

    c:\windows\system32\images\pix.gif

    c:\windows\system32\images\t1.gif

    c:\windows\system32\images\t2.gif

    c:\windows\system32\images\up1.gif

    c:\windows\system32\images\up2.gif

    c:\windows\system32\images\w1.gif

    c:\windows\system32\images\w11.gif

    c:\windows\system32\images\w2.gif

    c:\windows\system32\images\w3.gif

    c:\windows\system32\images\w3.jpg

    c:\windows\system32\images\wt1.gif

    c:\windows\system32\images\wt2.gif

    c:\windows\system32\images\wt3.gif

    c:\windows\system32\logs

    c:\windows\system32\sonhelp.htm

    c:\windows\system32\sysnet.dat

    c:\windows\system32\threat448y.bin

    c:\windows\system32\wbem\proquota.exe

    c:\windows\system32\winsrc.dll.tmp

    c:\windows\system32\wispex.html

    c:\windows\th823567.dat

    c:\windows\wiaserviv.log

     

     

    Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected

    Restored copy from - c:\windows\system32\dllcache\MsPMSNSv.dll

     

    c:\windows\system32\proquota.exe . . . is missing!!

     

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    -------\Legacy_BROWSERCTL

    -------\Legacy_BROWSERCTLDRV

    -------\Legacy_SYS

    -------\Legacy_SYSDRV

    -------\Service_browserctl

    -------\Service_browserctldrv

    -------\Service_SfX

    -------\Service_sys

    -------\Service_sysdrv

     

     

    ((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))

    .

     

    2009-08-19 15:08 . 2009-08-19 15:07 359932 -c--a-w- C:\firefox.exe.scr

    2009-08-19 15:01 . 2009-08-19 15:01 2585872 -c--a-w- C:\WindowsInstaller-KB893803-v2-x86.exe

    2009-08-14 20:26 . 2009-08-14 20:26 488960 -c--a-w- c:\documents and settings\david wang\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll

    2009-08-14 20:26 . 2009-08-14 20:26 319488 -c--a-w- c:\documents and settings\david wang\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

    2009-08-12 16:16 . 2009-08-12 16:16 -------- dc-h--w- c:\windows\PIF

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-07-01 04:12 . 2009-07-01 04:12 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

    2008-12-04 05:51 . 2008-12-04 05:51 1404399 -csh--w- c:\windows\system32\kxpqxnuk.tmp

    .

     

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]

    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-09-13 4621816]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-17 185784]

     

    c:\documents and settings\david wang\Start Menu\Programs\Startup\

    RT-Updater.lnk - c:\ross-tech\VCDS\VCDS.exe [2008-12-23 1057792]

     

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

     

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2008-07-23 21:28 352256 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

    SecurityProviders schannel.dll, digest.dll

     

    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

    R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [x]

    R3 FTD2XX;VAGUSB.SYS VAG-COM USB Driver;c:\windows\system32\Drivers\VAGUSB.sys [2005-12-15 34639]

    R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.sys [2007-11-16 54400]

    R3 VAGUSB;VAGUSB.SYS USB Driver;c:\windows\system32\Drivers\VAGUSB.sys [2005-12-15 34639]

    R3 wg51und5;NETGEAR WG511U Wireless Network Adapter Service;c:\windows\system32\DRIVERS\wg51und5.sys [x]

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]

    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]

    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]

     

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    DcomLaunch REG_MULTI_SZ DcomLaunch

    .

    - - - - ORPHANS REMOVED - - - -

     

    HKCU-Run-ikrk - c:\progra~1\COMMON~1\ikrk\ikrkm.exe

    HKCU-Run-VnrPack22 - c:\program files\VnrPack\VnrPack22.exe

    HKCU-Run-GetPack28 - c:\program files\GetPack\GetPack28.exe

    HKCU-Run-VnrPack23 - c:\program files\VnrPack\VnrPack23.exe

    HKCU-Run-GetModule36 - c:\program files\GetModule\GetModule36.exe

    HKLM-Run-sysfbtray - c:\windows\freddy57.exe

     

     

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://google.com/

    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

    FF - ProfilePath - c:\documents and settings\david wang\Application Data\Mozilla\Firefox\Profiles\1387k14y.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?p=1151392084

    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={E113B85B-DB91-D189-5821-5BE04612C681}&q=

    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll

    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll

    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll

    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll

    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll

    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll

    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

    .

     

    **************************************************************************

     

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-08-19 12:11

    Windows 5.1.2600 Service Pack 2 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 0

     

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

     

    - - - - - - - > 'winlogon.exe'(692)

    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Real\RealPlayer\realplay.exe

    c:\program files\Real\RealPlayer\realplay.exe

    .

    **************************************************************************

    .

    Completion time: 2009-08-19 12:21 - machine was rebooted

    ComboFix-quarantined-files.txt 2009-08-19 16:20

     

    Pre-Run: 9,148,375,040 bytes free

    Post-Run: 10,976,776,192 bytes free

     

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

     

    236

    0
  • Customer

    "Should I keep the Combofix application to run for future use or is it a one time fix application only applicable this time?"

    No, ComboFix is not a general removal tool. It should be used under the supervision of a trained helper only. We'll remove it after the cleaning process is finished.

     

    Please download SystemLook from one of the links below and save it to your Desktop.

    Download Mirror #1

    Download Mirror #2


    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      :filefind
      framedyn.dll
      proquota.exe

    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt

     

     

    Please see if you're able to run DDS too.

    0
  • Customer

    SystemLook v1.0 by jpshortstuff (22.05.09)

    Log created at 13:33 on 19/08/2009 by david wang (Administrator - Elevation successful)

     

    ========== filefind ==========

     

    Searching for "framedyn.dll"

    No files found.

     

    Searching for "proquota.exe"

    No files found.

     

    -=End Of File=-

    0
  • Customer

    DDS.txt log file:

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by david wang at 13:36:29.53 on Wed 08/19/2009
    Internet Explorer: 6.0.2900.2180

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.com/
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.7.0\ViewBarBHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.7.0\IEViewBar.dll
    uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    StartupFolder: c:\docume~1\davidw~1\startm~1\programs\startup\rt-upd~1.lnk - c:\ross-tech\vcds\VCDS.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {3234504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/a/0/0/a0043c6c-8cd6-428e-9c9e-01883020f5ce/mpg4dmo.CAB
    DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxsrvc.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SecurityProviders: schannel.dll, digest.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\davidw~1\applic~1\mozilla\firefox\profiles\1387k14y.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?p=1151392084
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={E113B85B-DB91-D189-5821-5BE04612C681}&q=
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2009-08-19 12:18 <DIR> -cd----- c:\windows\system32\dllcache\cache
    2009-08-19 12:00 <DIR> acdshr-- C:\cmdcons
    2009-08-19 11:59 216,064 ac------ c:\windows\PEV.exe
    2009-08-19 11:59 161,792 ac------ c:\windows\SWREG.exe
    2009-08-19 11:59 98,816 ac------ c:\windows\sed.exe
    2009-08-19 11:08 359,932 ac------ C:\firefox.exe.scr
    2009-08-19 11:01 2,585,872 ac------ C:\WindowsInstaller-KB893803-v2-x86.exe
    2009-08-12 12:16 <DIR> -cd-h--- c:\windows\PIF

    ==================== Find3M ====================

    2008-04-17 14:27 25,600 ac------ c:\documents and settings\david wang\usbsermptxp.sys
    2008-04-17 14:27 22,768 ac------ c:\documents and settings\david wang\usbsermpt.sys

    ============= FINISH: 13:36:37.42 ===============

    0
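A DDS "Pseudo HJT Report" like the one above is read by picking out the autostart entries (uRun/mRun) and the browser start-page and Firefox prefs.js search settings, then checking which hosts those settings point at. The following triage helper is an added example for this thread, not a tool the helper or the DDS author supplied; the excerpt it parses is constructed from lines in the same format, and the set of "expected" search hosts is an assumption an analyst would adjust per machine.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt in DDS "Pseudo HJT Report" format. DDS writes "hxxp"
# instead of "http" so that URLs in a posted log are not clickable.
SAMPLE_LOG = r"""
uStart Page = hxxp://google.com/
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?p=1151392084
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&q=
"""

# Hosts the analyst treats as expected for start page / search settings
# on this machine (an assumption of the example, not part of DDS).
EXPECTED_HOSTS = {"google.com", "www.google.com", "yahoo.com", "www.yahoo.com"}

RUN_RE = re.compile(r"^(?P<hive>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
FF_RE = re.compile(r"^FF - prefs\.js: (?P<setting>\S+) - (?P<url>hxxps?://\S+)$")
START_RE = re.compile(r"^[um](?P<setting>Start Page) = (?P<url>hxxps?://\S+)$")

def refang(url):
    """Turn DDS's defanged hxxp:// back into http:// so urlparse can read the host."""
    return re.sub(r"^hxxp", "http", url)

def parse_run_entries(log):
    """Return (hive, name, exe) for each uRun (HKCU) / mRun (HKLM) autostart line.
    The exe is the quoted path if present, otherwise the text before the first -switch."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        if cmd.startswith('"'):
            exe = cmd[1:cmd.index('"', 1)]
        else:
            exe = re.split(r"\s+-", cmd, maxsplit=1)[0]
        entries.append((m.group("hive"), m.group("name"), exe.lower()))
    return entries

def flag_url_settings(log, expected=EXPECTED_HOSTS):
    """Return (setting, host) for every start-page or Firefox search/home pref
    whose host is outside the expected set; each pref is listed separately
    because each one has to be reset on its own."""
    flagged = []
    for line in log.splitlines():
        m = FF_RE.match(line.strip()) or START_RE.match(line.strip())
        if m:
            host = urlparse(refang(m.group("url"))).hostname
            if host not in expected:
                flagged.append((m.group("setting"), host))
    return flagged
```

Run against the constructed excerpt, both Firefox search prefs are flagged for the same unexpected host while the start page and home page pass, which mirrors the pattern visible in the posted log.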
  • Customer

    attach.txt zipped and uploaded.

    Attach.rar

    0
  • Customer

    I do not. I lost it in my recent move. But I can get my hands on some XP discs from my friend. Will that work or do I need the original discs that came with my laptop?

    0