"This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix the problem."
I am a total newbie with computers, so please forgive me if I sound ignorant... I think my computer has been infected by a virus or malware. Every time I try to launch an .exe application, I get the error message in the title. I am only able to open Firefox. I have tried to DL and install hijackthis to create a log, but I am unable to open the .exe file. The same message appears. Something is affecting Windows' ability to launch .exe files. I am running Windows XP Pro and I do not have my backup discs. I lost them in a recent move.
My problem is eerily similar to that of the user in this post. http://www.lavasoftsupport.com/index.php?showtopic=26442
Could someone help me out?
Thanks,
Dave
-
Can anyone help me out? I'm at my wits' end trying to fix this bug. Thanks in advance.
Dave
0 -
Hi,
Please download xp_exe_fix.zip archive attached to this message and extract it to your desktop. Double-click fix.vbs and let it run.
Note: Fix is meant to be used in this specific case only. Using it in some other computer or operating system is strictly prohibited and may render your system inoperable.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
- When done, DDS will open two (2) logs:
  - DDS.txt
  - Attach.txt
- Save both reports to your desktop. Post them back to your topic.
Download GMER and save it to your desktop:
- Extract it to your desktop and double-click GMER.exe
- Click rootkit-tab and then scan.
- Don't check Show All box while scanning in progress!
- When scanning is ready, click Copy.
- This copies log to clipboard
- Post log in your reply.
0 -
-
Hi,
Try to use c:\windows\system32\wscript.exe to open the file. Let me know how it goes.
0 -
Blade,
First of all, thanks for the reply. I DLed the zip file and extracted fix.vbs to the desktop, but when I tried to double click it and run it, the computer tells me that "windows cannot open this file: to open this file, windows needs to know what program created it." It then gives me 2 options. Use the web service to find the appropriate program or select the program from a list. I have no idea what program is used to open up vbs files... Please advise. Thanks.
Dave
0 -
When I did that and used windows script host, I got "There is no script engine for file extension ".vbs"
0 -
Hi,
Open "My computer". Click Tools->Folder options->activate file types -tab. Is the list empty or do you have some types listed there?
0 -
When I click on the file types tab, I get a list of registered file types. I didn't see vbs extensions, so I then manually entered VBS as an extension and manually changed the details for vbs using windows script as the program to open vbs extensions. But still the program does not open and I get the same result. Should I be doing something different?
0 -
Hi,
See if you're able to download and run DDS. When it asks for download location place it to root of your c: drive and name as firefox.exe.
0 -
I was able to DL and save the file to the root directory in the C: drive and changed the name to firefox.exe. When I tried to run it, it said: "cmd, this application has failed to start because the application configuration is incorrect", same as before...
0 -
Hi,
Please try same renaming trick with GMER and see if you can run it.
- Download random's system information tool (RSIT) by random/random from here and save it to your desktop as firefox.exe.
- Double click on renamed file to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)
Also, please see if you can find folder with nothing but pure digits in its name (i.e. 4298219) in C:\Documents and Settings\All Users\Application Data folder. If you find such folder move it to your desktop.
0 -
-
It's hidden by default.
Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
0 -
I DL and saved both the GMER and RSIT file, but could not run either one. Same error as with all the other exe files.
I also looked in C:\Documents and Settings\All Users\, but I do not have an application data folder? Could my XP be totally wacked?
This is truly frustrating...
0 -
- Download OTL (name it as dave.com while selecting destination location) to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
0 -
-
OK, accessed the hidden files, but there isn't a file folder with just pure digits. Actually, there isn't a folder with a single number in it...
Now what?
0 -
DLed and renamed OTL, but I cannot run the program. Every time I try to run an exe program, the message comes up regardless of what I name it. DL and renaming is not a problem, it's when I go to launch the program. There has to be something else.
Dave
0 -
OK, I changed the name after the DL. That's where I went wrong. But I have another problem. I'm using FF and there's a DL manager that pops up and it automatically saves the file for me without asking for a name or where to save it to. Where can I change this option so that I can DL and save the file as something else?
Dave
0 -
DLed and renamed OTL, but I cannot run the program.
Did you download it first before changing the name? It has to be renamed before it's saved to your hard drive. Use name svchost.exe and place the file to your c: root (c:\)
After that, here are steps to follow (print/save these and above listed OTL related instructions since you won't be able to access them while in safe mode):
Press F8 before Windows' loading screen and select safe mode with command prompt -option.
Then write following commands (I assume you have OTL with name svchost.exe in c:\):
- c:
- cd\
- svchost.exe
0 -
-
Go to tools. On downloads section of main tab there's an option "Always ask me where to save files". Have it enabled.
0 -
Blade,
I followed your instructions and was able to run OTL, but after the scan completed I did not get OTL.txt and extras.txt files that you had mentioned. The program ran fine and when it finished there was a message at the bottom saying "scan completed". Is there something else I need to do to get the files? BTW, this was all done in windows and not safe mode. I was not able to boot into safe mode.
0 -
Blade,
Never mind my previous reply. I found the OTL and extras files from the OTL output on my desktop. I had to clean a few things up before I could see it. I will post the results in the next post for you to see. Thanks.
Dave
0 -
OTL logfile created on: 8/19/2009 11:19:54 AM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\david wang\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.80 Mb Total Physical Memory | 208.18 Mb Available Physical Memory | 41.40% Memory free
1.20 Gb Paging File | 1.03 Gb Available in Paging File | 85.88% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.62 Gb Total Space | 7.17 Gb Free Space | 38.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DAVID
Current User Name: david wang
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\david wang\Desktop\dave.com.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (browserctl [Auto | Stopped]) -- C:\Program Files\BrowserCtl\BrowserCtl.dll ()
SRV - (EvtEng [Auto | Stopped]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RegSrvc [Auto | Stopped]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Stopped]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (sys [Auto | Stopped]) -- C:\Program Files\sys\sys.dll ()
SRV - (UMWdf [Auto | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
========== Driver Services (SafeList) ==========
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (browserctldrv [system | Running]) -- C:\Program Files\BrowserCtl\BrowserCtl.sys (BrowserCtl)
DRV - (FTD2XX [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\VAGUSB.sys (FTDI Ltd.)
DRV - (giveio [boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ATKACPI.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rmedia [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\rmedia.sys (REDC)
DRV - (RT-USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\RT-USB.sys (Ross-Tech, LLC)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (s24trans [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SASDIFSV [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (speedfan [boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (sysdrv [system | Running]) -- C:\Program Files\sys\sys.sys (sys)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - (VAGUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\VAGUSB.sys (FTDI Ltd.)
DRV - (w22n51 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\w22n51.sys (Intel® Corporation)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?p=1151392084"
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.0.9
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20081203
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={E113B85B-DB91-D189-5821-5BE04612C681}&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/10 23:32:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/10 23:32:08 | 00,000,000 | ---D | M]
[2008/08/14 22:47:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Extensions
[2008/08/14 22:47:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/18 14:10:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Firefox\Profiles\1387k14y.default\extensions
[2009/02/02 12:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Firefox\Profiles\1387k14y.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/03/28 19:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Firefox\Profiles\1387k14y.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2006/09/15 10:35:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Firefox\Profiles\1387k14y.default\extensions\videodowloader@videodownloader.net
[2008/08/14 22:47:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/10 23:32:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/10 23:31:59 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/10 23:31:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/04 09:14:08 | 00,211,456 | ---- | M] () -- C:\Program Files\mozilla firefox\components\srff.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2007/02/23 00:25:15 | 00,700,416 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/02/23 18:51:35 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2006/09/15 12:10:21 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/08/10 23:32:00 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 05:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/05/17 10:10:35 | 00,144,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/05/17 10:10:49 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2007/05/17 10:10:34 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/03/06 09:53:13 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/06 09:53:13 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/06 09:53:13 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/06 09:53:13 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/28 19:54:36 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/03/28 19:54:36 | 00,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2009/03/06 09:53:13 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/06 09:53:13 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/06 09:53:13 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (143 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O1 - Hosts: 209.44.111.62 antiaware-pro.com
O1 - Hosts: 209.44.111.62 www.antiaware-pro.com
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (ICQSys (IE PlugIn)) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\System32\dddesot.dll (ASC - AntiSpyware)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [pp] C:\windows\pp10.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [sysfbtray] c:\windows\freddy57.exe ()
O4 - HKLM..\Run: [sysldtray] C:\windows\ld11.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [GetModule36] C:\Program Files\GetModule\GetModule36.exe File not found
O4 - HKCU..\Run: [GetPack28] C:\Program Files\GetPack\GetPack28.exe File not found
O4 - HKCU..\Run: [ikrk] C:\PROGRA~1\COMMON~1\ikrk\ikrkm.exe File not found
O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Twain] C:\Documents and Settings\david wang\Application Data\Twain\Twain.exe File not found
O4 - HKCU..\Run: [VnrPack22] C:\Program Files\VnrPack\VnrPack22.exe File not found
O4 - HKCU..\Run: [VnrPack23] C:\Program Files\VnrPack\VnrPack23.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\david wang\Start Menu\Programs\Startup\RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.exe (Ross-Tech, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2006/09/22 19:24:11 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2006/09/22 19:24:11 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2006/09/22 19:24:11 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2006/09/22 19:24:11 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3234504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/a/0...5ce/mpg4dmo.CAB (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.203 85.255.112.217
O18 - Protocol\Handler\httpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\httpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (lrmgig.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxyxurQg) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/23 19:30:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/08/19 11:10:04 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\david wang\Desktop\dave.com.exe
[2009/08/19 11:08:47 | 00,359,932 | ---- | C] () -- C:\firefox.exe.scr
[2009/08/19 11:06:55 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\dds.scr
[2009/08/19 11:01:19 | 02,585,872 | ---- | C] (Microsoft Corporation) -- C:\WindowsInstaller-KB893803-v2-x86.exe
[2009/08/18 14:01:19 | 00,000,473 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\Shortcut to firefox.lnk
[2009/08/12 12:40:05 | 00,279,461 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\gmer.zip
[2009/08/12 12:16:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/08/12 09:29:04 | 00,002,922 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\fix.vbs
[2009/08/12 09:28:24 | 00,001,085 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\xp_exe_fix.zip
[2009/08/11 16:05:11 | 00,817,664 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\david wang\Desktop\depends.exe
[2009/08/11 15:58:19 | 01,821,192 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\david wang\Desktop\vcredist_x86.exe
[2009/08/11 15:47:27 | 00,959,573 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\EFRCSetup.exe
[2009/08/10 23:59:26 | 00,008,550 | ---- | C] () -- C:\WINDOWS\System32\wispex.html
[2009/08/10 23:59:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2009/08/10 23:58:23 | 00,000,064 | ---- | C] () -- C:\WINDOWS\ppp4.dat
[2009/08/10 23:58:23 | 00,000,001 | ---- | C] () -- C:\WINDOWS\ppp3.dat
[2009/08/10 23:58:19 | 00,827,392 | ---- | C] (ASC - AntiSpyware) -- C:\WINDOWS\System32\dddesot.dll
[2009/08/10 23:58:19 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/10 23:58:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\desot.exe
[2009/08/10 23:58:18 | 00,000,093 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/10 23:58:18 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/10 23:57:56 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Antivirus Pro
[2009/08/10 23:33:05 | 00,000,000 | ---D | C] -- C:\Program Files\BrowserCtl
[2009/08/10 23:32:55 | 00,000,002 | ---- | C] () -- C:\WINDOWS10112010146120114.dat
[2009/08/10 23:31:44 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\th823567.dat
[2009/08/10 23:31:43 | 00,030,208 | ---- | C] () -- C:\WINDOWS\freddy57.exe
[2008/12/03 01:50:02 | 00,865,158 | -HS- | C] () -- C:\WINDOWS\System32\gQruxyxx.ini2
[2008/12/03 01:49:59 | 00,865,158 | -HS- | C] () -- C:\WINDOWS\System32\gQruxyxx.ini
[2007/01/18 11:28:57 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/18 11:28:57 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/12 21:08:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 12:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/07/25 13:32:11 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\auc4.ini
[2006/06/27 00:55:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/26 19:18:11 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS.SYS
[2006/06/23 19:52:40 | 00,005,786 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2006/06/23 19:48:43 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2004/08/04 08:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 08:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== Files - Modified Within 30 Days ==========
[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/08/19 11:09:39 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\david wang\Desktop\dave.com.exe
[2009/08/19 11:07:38 | 00,359,932 | ---- | M] () -- C:\firefox.exe.scr
[2009/08/19 11:06:36 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\dds.scr
[2009/08/19 11:01:14 | 02,585,872 | ---- | M] (Microsoft Corporation) -- C:\WindowsInstaller-KB893803-v2-x86.exe
[2009/08/18 14:01:19 | 00,000,473 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\Shortcut to firefox.lnk
[2009/08/18 13:59:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/18 13:59:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/12 15:49:08 | 00,002,922 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\fix.vbs
[2009/08/12 12:39:57 | 00,279,461 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\gmer.zip
[2009/08/12 09:28:01 | 00,001,085 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\xp_exe_fix.zip
[2009/08/11 15:58:18 | 01,821,192 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\david wang\Desktop\vcredist_x86.exe
[2009/08/11 15:47:31 | 00,959,573 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\EFRCSetup.exe
[2009/08/11 09:54:34 | 11,570,426 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\I Gotta Feeling - Black Eyed Peas.mp3
[2009/08/11 00:03:52 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\desot.exe
[2009/08/11 00:03:50 | 00,000,064 | ---- | M] () -- C:\WINDOWS\ppp4.dat
[2009/08/11 00:03:50 | 00,000,001 | ---- | M] () -- C:\WINDOWS\ppp3.dat
[2009/08/11 00:03:25 | 00,827,392 | ---- | M] (ASC - AntiSpyware) -- C:\WINDOWS\System32\dddesot.dll
[2009/08/10 23:58:19 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/10 23:58:18 | 00,000,093 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/10 23:58:18 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/10 23:32:55 | 00,000,002 | ---- | M] () -- C:\WINDOWS10112010146120114.dat
[2009/08/10 23:31:44 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\th823567.dat
[2009/08/10 23:31:43 | 00,030,208 | ---- | M] () -- C:\WINDOWS\freddy57.exe
========== LOP Check ==========
[2008/10/28 12:22:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2006/06/27 23:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2006/07/07 00:34:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2008/10/28 12:19:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/10/04 00:49:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/02 12:06:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\david wang\Application Data
[2006/06/27 11:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Aim
[2006/06/28 21:26:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Downloaded Installations
[2009/02/02 11:03:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\GetModule
[2006/07/07 00:35:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Intel
[2009/02/02 12:06:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Twain
[2008/09/23 19:31:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\uTorrent
[2007/01/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Viewpoint
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
0 -
OTL Extras logfile created on: 8/19/2009 11:11:56 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\david wang\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.80 Mb Total Physical Memory | 233.45 Mb Available Physical Memory | 46.43% Memory free
1.20 Gb Paging File | 1.05 Gb Available in Paging File | 87.40% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.62 Gb Total Space | 7.17 Gb Free Space | 38.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DAVID
Current User Name: david wang
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\WINDOWS\System32\desot.exe ()
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbs [@ = ft000002] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update
"{5E86E9C0-3FE1-44C4-BE6D-2D88493E812C}" = Videosoft H.264 Decoder 2.2 BETA
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"6D07236E1D2F8479C88537ED0B7EB5D15ABBF7D5" = Windows Driver Package - Ross-Tech USB Driver Package (11/16/2007 6.0.2.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AOL Instant Messenger" = AOL Instant Messenger
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_18261043" = SoftV92 Data Fax Modem with SmartCP
"DivX Content Uploader" = DivX Content Uploader
"DVD Shrink_is1" = DVD Shrink 3.2
"eMule" = eMule
"FLVPlayer" = FLV Player 1.3.3
"GSpot" = GSpot Codec Information Appliance
"Hcontrol" = ATK0100 ACPI UTILITY
"meGUI modern media encoder" = meGUI modern media encoder (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"Official Factory Repair Manual Audi 100, A6 1992-1997" = Official Factory Repair Manual Audi 100, A6 1992-1997
"Panerai" = Panerai
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SpeedFan" = SpeedFan (remove only)
"tournamentgames_3.exe" = Tournament Games (remove only)
"uTorrent" = µTorrent
"VCDS Release 805" = VCDS Release 805.1
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"Win Antivirus Pro" = Windows Antivirus Pro
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ESPN Java Check" = ESPN Java Check
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
0 -
Blade,
Thanks for your help. Whatever Combofix was, it did the trick. Laptop is back to normal... Should I keep the Combofix application to run for future use or is it a one time fix application only applicable this time?
BTW, when I was stuck with OTL (when it wouldn't run), I searched further on the web looking for anything similar to fix the issue. I found and DLed vcredist_x86. It allowed me to run any new DLed exe applications. I don't know what it was, but it allowed me to run OTL.
0 -
Hi again,
Good to see you made OTL run.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Download Combofix from any of the links below. You must rename it before saving it (use name sVCHost.exe). Save it to your desktop.
--------------------------------------------------------------------
Double click on sVCHost.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt so we can continue cleaning the system.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
0 -
Combofix text file:
ComboFix 09-08-18.04 - david wang 08/19/2009 12:02.1.1 - NTFSx86
Running from: c:\documents and settings\david wang\Desktop\ComboFix.exe
Command switches used :: file:///C:/Documents0and0Settings/david0wang/Desktop/sVCHost.exe
* Created a new restore point
framedyn.dll is missing
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\david wang\Application Data\GetModule
c:\documents and settings\david wang\Application Data\GetModule\dicik.gz
c:\documents and settings\david wang\Application Data\GetModule\kwdik.gz
c:\documents and settings\david wang\Application Data\GetModule\ofadik.gz
c:\documents and settings\NetworkService\Application Data\NetMon
c:\documents and settings\NetworkService\Application Data\NetMon\domains.txt
c:\documents and settings\NetworkService\Application Data\NetMon\log.txt
c:\program files\BrowserCtl
c:\program files\BrowserCtl\BrowserCtl.dll
c:\program files\BrowserCtl\BrowserCtl.sys
c:\program files\Mozilla Firefox\components\srff.dll
c:\program files\sys
c:\program files\sys\sys.dll
c:\program files\sys\sys.sys
c:\program files\Windows Antivirus Pro
c:\program files\Windows Antivirus Pro\msvcm80.dll
c:\program files\Windows Antivirus Pro\msvcp80.dll
c:\program files\Windows Antivirus Pro\msvcr80.dll
c:\program files\Windows Antivirus Pro\tmp\dbsinit.exe
c:\program files\Windows Antivirus Pro\tmp\images\i1.gif
c:\program files\Windows Antivirus Pro\tmp\images\i2.gif
c:\program files\Windows Antivirus Pro\tmp\images\i3.gif
c:\program files\Windows Antivirus Pro\tmp\images\j1.gif
c:\program files\Windows Antivirus Pro\tmp\images\j2.gif
c:\program files\Windows Antivirus Pro\tmp\images\j3.gif
c:\program files\Windows Antivirus Pro\tmp\images\jj1.gif
c:\program files\Windows Antivirus Pro\tmp\images\jj2.gif
c:\program files\Windows Antivirus Pro\tmp\images\jj3.gif
c:\program files\Windows Antivirus Pro\tmp\images\l1.gif
c:\program files\Windows Antivirus Pro\tmp\images\l2.gif
c:\program files\Windows Antivirus Pro\tmp\images\l3.gif
c:\program files\Windows Antivirus Pro\tmp\images\pix.gif
c:\program files\Windows Antivirus Pro\tmp\images\t1.gif
c:\program files\Windows Antivirus Pro\tmp\images\t2.gif
c:\program files\Windows Antivirus Pro\tmp\images\up1.gif
c:\program files\Windows Antivirus Pro\tmp\images\up2.gif
c:\program files\Windows Antivirus Pro\tmp\images\w1.gif
c:\program files\Windows Antivirus Pro\tmp\images\w11.gif
c:\program files\Windows Antivirus Pro\tmp\images\w2.gif
c:\program files\Windows Antivirus Pro\tmp\images\w3.gif
c:\program files\Windows Antivirus Pro\tmp\images\w3.jpg
c:\program files\Windows Antivirus Pro\tmp\images\wt1.gif
c:\program files\Windows Antivirus Pro\tmp\images\wt2.gif
c:\program files\Windows Antivirus Pro\tmp\images\wt3.gif
c:\program files\Windows Antivirus Pro\tmp\wispex.html
c:\program files\Windows Antivirus Pro\Windows Antivirus Pro.exe
c:\windows10112010146118114.dat
c:\windows10112010146120114.dat
c:\windows101120101464849.dat
c:\windows101120101465752.dat
c:\windows\934fdfg34fgjf23
c:\windows\bf23567.dat
c:\windows\freddy49.exe
c:\windows\freddy57.exe
c:\windows\ld11.exe
c:\windows\pp10.exe
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\son_1248102413.exe
c:\windows\strt_1246452705.exe
c:\windows\system32121mixed.bin
c:\windows\system32\bennuar.old
c:\windows\system32\dddesot.dll
c:\windows\system32\desot.exe
c:\windows\system32\gQruxyxx.ini
c:\windows\system32\gQruxyxx.ini2
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\logs
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\threat448y.bin
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\winsrc.dll.tmp
c:\windows\system32\wispex.html
c:\windows\th823567.dat
c:\windows\wiaserviv.log
Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\MsPMSNSv.dll
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BROWSERCTL
-------\Legacy_BROWSERCTLDRV
-------\Legacy_SYS
-------\Legacy_SYSDRV
-------\Service_browserctl
-------\Service_browserctldrv
-------\Service_SfX
-------\Service_sys
-------\Service_sysdrv
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.
2009-08-19 15:08 . 2009-08-19 15:07 359932 -c--a-w- C:\firefox.exe.scr
2009-08-19 15:01 . 2009-08-19 15:01 2585872 -c--a-w- C:\WindowsInstaller-KB893803-v2-x86.exe
2009-08-14 20:26 . 2009-08-14 20:26 488960 -c--a-w- c:\documents and settings\david wang\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-08-14 20:26 . 2009-08-14 20:26 319488 -c--a-w- c:\documents and settings\david wang\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-08-12 16:16 . 2009-08-12 16:16 -------- dc-h--w- c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 04:12 . 2009-07-01 04:12 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-04 05:51 . 2008-12-04 05:51 1404399 -csh--w- c:\windows\system32\kxpqxnuk.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-09-13 4621816]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-17 185784]
c:\documents and settings\david wang\Start Menu\Programs\Startup\
RT-Updater.lnk - c:\ross-tech\VCDS\VCDS.exe [2008-12-23 1057792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 21:28 352256 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [x]
R3 FTD2XX;VAGUSB.SYS VAG-COM USB Driver;c:\windows\system32\Drivers\VAGUSB.sys [2005-12-15 34639]
R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.sys [2007-11-16 54400]
R3 VAGUSB;VAGUSB.SYS USB Driver;c:\windows\system32\Drivers\VAGUSB.sys [2005-12-15 34639]
R3 wg51und5;NETGEAR WG511U Wireless Network Adapter Service;c:\windows\system32\DRIVERS\wg51und5.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ikrk - c:\progra~1\COMMON~1\ikrk\ikrkm.exe
HKCU-Run-VnrPack22 - c:\program files\VnrPack\VnrPack22.exe
HKCU-Run-GetPack28 - c:\program files\GetPack\GetPack28.exe
HKCU-Run-VnrPack23 - c:\program files\VnrPack\VnrPack23.exe
HKCU-Run-GetModule36 - c:\program files\GetModule\GetModule36.exe
HKLM-Run-sysfbtray - c:\windows\freddy57.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\david wang\Application Data\Mozilla\Firefox\Profiles\1387k14y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?p=1151392084
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={E113B85B-DB91-D189-5821-5BE04612C681}&q=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 12:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Real\RealPlayer\realplay.exe
c:\program files\Real\RealPlayer\realplay.exe
.
**************************************************************************
.
Completion time: 2009-08-19 12:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 16:20
Pre-Run: 9,148,375,040 bytes free
Post-Run: 10,976,776,192 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
236
0 -
Should I keep the Combofix application to run for future use or is it a one time fix application only applicable this time?
No, ComboFix is not a general removal tool. It should be used under the supervision of a trained helper only. We'll remove it after the cleaning process is ready.
Please download SystemLook from one of the links below and save it to your Desktop.
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:filefind
framedyn.dll
proquota.exe
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Please see if you're able to run DDS too.
0 -
SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 13:33 on 19/08/2009 by david wang (Administrator - Elevation successful)
========== filefind ==========
Searching for "framedyn.dll"
No files found.
Searching for "proquota.exe"
No files found.
-=End Of File=-
0 -
DDS.txt log file:
DDS (Ver_09-07-30.01) - NTFSx86
Run by david wang at 13:36:29.53 on Wed 08/19/2009
Internet Explorer: 6.0.2900.2180
============== Running Processes ===============
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.7.0\ViewBarBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.7.0\IEViewBar.dll
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\davidw~1\startm~1\programs\startup\rt-upd~1.lnk - c:\ross-tech\vcds\VCDS.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3234504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/a/0/0/a0043c6c-8cd6-428e-9c9e-01883020f5ce/mpg4dmo.CAB
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: schannel.dll, digest.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\davidw~1\applic~1\mozilla\firefox\profiles\1387k14y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?p=1151392084
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={E113B85B-DB91-D189-5821-5BE04612C681}&q=
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-08-19 12:18 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-19 12:00 <DIR> acdshr-- C:\cmdcons
2009-08-19 11:59 216,064 ac------ c:\windows\PEV.exe
2009-08-19 11:59 161,792 ac------ c:\windows\SWREG.exe
2009-08-19 11:59 98,816 ac------ c:\windows\sed.exe
2009-08-19 11:08 359,932 ac------ C:\firefox.exe.scr
2009-08-19 11:01 2,585,872 ac------ C:\WindowsInstaller-KB893803-v2-x86.exe
2009-08-12 12:16 <DIR> -cd-h--- c:\windows\PIF
==================== Find3M ====================
2008-04-17 14:27 25,600 ac------ c:\documents and settings\david wang\usbsermptxp.sys
2008-04-17 14:27 22,768 ac------ c:\documents and settings\david wang\usbsermpt.sys
============= FINISH: 13:36:37.42 ===============
0 -
attach.txt zipped and uploaded.
0 -
I do not. I lost it in my recent move. But I can get my hands on some XP discs from my friend. Will that work or do I need the original discs that came with my laptop?