dwang0725

"This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix the problem."

62 posts in this topic

I am a total newbie with computers, so please forgive me if I sound ignorant... I think my computer has been infected by a virus or malware. Every time I try to launch an .exe application, I get the error message in the title. I am only able to open Firefox. I have tried to DL and install hijackthis to create a log, but I am unable to open the .exe file. The same message appears. Something is affecting Windows' ability to launch .exe files. I am running Windows XP Pro and I do not have my back up discs. I lost them in a recent move.

 

My problem is eerily similar to that of the user in this post. http://www.lavasoftsupport.com/index.php?showtopic=26442

 

Could someone help me out?

 

 

Thanks,

Dave

Share this post


Link to post
Share on other sites

Can anyone help me out? I'm at my wits' end trying to fix this bug. Thanks in advance.

 

 

Dave

Share this post


Link to post
Share on other sites

Hi,

 

Please download xp_exe_fix.zip archive attached to this message and extract it to your desktop. Double-click fix.vbs and let it run.

 

Note: Fix is meant to be used in this specific case only. Using it in some other computer or operating system is strictly prohibited and may render your system inoperable.

 

 

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop. Post them back to your topic.

Download GMER and save it to your desktop:

  • Extract it to your desktop and double-click GMER.exe
  • Click rootkit-tab and then scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log in your reply.

Share this post


Link to post
Share on other sites

Blade,

First of all, thanks for the reply. I DLed the zip file and extracted fix.vbs to the desktop, but when I tried to double click it and run it, the computer tells me that "windows cannot open this file: to open this file, windows needs to know what program created it." It then gives me 2 options. Use the web service to find the appropriate program or select the program from a list. I have no idea what program is used to open up vbs files... Please advise. Thanks.

 

 

Dave

Share this post


Link to post
Share on other sites

Hi,

 

Try to use c:\windows\system32\wscript.exe to open the file. Let me know how it goes.

Share this post


Link to post
Share on other sites

When I did that and used windows script host, I got "There is no script engine for file extension ".vbs"."

Share this post


Link to post
Share on other sites

Hi,

 

Open "My computer". Click Tools->Folder options->activate file types -tab. Is the list empty or do you have some types listed there?

Share this post


Link to post
Share on other sites

When I click on the file types tab, I get a list of registered file types. I didn't see vbs extensions, so I then manually entered VBS as an extension and manually changed the details for vbs using windows script as the program to open vbs extensions. But still the program does not open and I get the same result. Should I be doing something different?

Share this post


Link to post
Share on other sites

Hi,

 

See if you're able to download and run DDS. When it asks for the download location, place it in the root of your c: drive and name it firefox.exe.

Share this post


Link to post
Share on other sites

I was able to DL and save the file to the root directory in the C: drive and changed the name to firefox.exe. When I tried to run it, it said: "cmd, this application has failed to start because the application configuration is incorrect", same as before...

Share this post


Link to post
Share on other sites

Hi,

 

Please try the same renaming trick with GMER and see if you can run it.

 

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop as firefox.exe.
  • Double click on renamed file to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

Also, please see if you can find a folder with nothing but pure digits in its name (i.e. 4298219) in the C:\Documents and Settings\All Users\Application Data folder. If you find such a folder, move it to your desktop.

Share this post


Link to post
Share on other sites

I DL and saved both the GMER and RSIT file, but could not run either one. Same error as with all the other exe files.

 

I also looked in C:\Documents and Settings\All Users\, but I do not have an application data folder? Could my XP be totally wacked?

 

This is truly frustrating...

Share this post


Link to post
Share on other sites

It's hidden by default.

 

Show hidden files

-----------------

* Click Start.

* Open My Computer.

* Select the Tools menu and click Folder Options.

* Select the View Tab.

* Under the Hidden files and folders heading select Show hidden files and folders.

* Uncheck the Hide protected operating system files (recommended) option.

* Click Yes to confirm.

* Click OK.

Share this post


Link to post
Share on other sites

OK, accessed the hidden files, but there isn't a file folder with just pure digits. Actually, there isn't a folder with a single number in it...

 

Now what?

Share this post


Link to post
Share on other sites

  • Download OTL (name it as dave.com while selecting destination location) to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Share this post


Link to post
Share on other sites

DLed and renamed OTL, but I cannot run the program. Every time I try to run an exe program, the message comes up regardless of what I name it. DL and renaming is not a problem, it's when I go to launch the program. There has to be something else.

 

 

Dave

Share this post


Link to post
Share on other sites
DLed and renamed OTL, but I cannot run the program.

Did you download it first before changing the name? It has to be renamed before it's saved to your hard drive. Use the name svchost.exe and place the file in your c: root (c:\)

 

After that, here are steps to follow (print/save these and above listed OTL related instructions since you won't be able to access them while in safe mode):

Press F8 before Windows' loading screen and select safe mode with command prompt -option.

Then write the following commands (I assume you have OTL with name svchost.exe in c:\):

  • c:
  • cd\
  • svchost.exe

Share this post


Link to post
Share on other sites

OK, I changed the name after the DL. That's where I went wrong. But I have another problem. I'm using FF and there's a DL manager that pops up and it automatically saves the file for me without asking for a name or where to save it to. Where can I change this option so that I can DL and save the file as something else?

 

 

Dave

Share this post


Link to post
Share on other sites

Go to Tools. In the downloads section of the main tab there's an option "Always ask me where to save files". Have it enabled.

Share this post


Link to post
Share on other sites

Blade,

I followed your instructions and was able to run OTL, but after the scan completed I did not get OTL.txt and extras.txt files that you had mentioned. The program ran fine and when it finished there was a message at the bottom saying "scan completed". Is there something else I need to do to get the files? BTW, this was all done in windows and not safe mode. I was not able to boot into safe mode.

Share this post


Link to post
Share on other sites

Blade,

Never mind my previous reply. I found the OTL and extras files from the OTL output on my desktop. I had to clean a few things up before I could see it. I will post the results in the next post for you to see. Thanks.

 

 

Dave

Share this post


Link to post
Share on other sites

OTL Extras logfile created on: 8/19/2009 11:11:56 AM - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\david wang\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

502.80 Mb Total Physical Memory | 233.45 Mb Available Physical Memory | 46.43% Memory free

1.20 Gb Paging File | 1.05 Gb Available in Paging File | 87.40% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 18.62 Gb Total Space | 7.17 Gb Free Space | 38.52% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: DAVID

Current User Name: david wang

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- C:\WINDOWS\System32\desot.exe ()

.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.js [@ = jsfile] -- Reg Error: Key error. File not found

.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

.vbs [@ = ft000002] -- Reg Error: Key error. File not found

.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update

"{5E86E9C0-3FE1-44C4-BE6D-2D88493E812C}" = Videosoft H.264 Decoder 2.2 BETA

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"6D07236E1D2F8479C88537ED0B7EB5D15ABBF7D5" = Windows Driver Package - Ross-Tech USB Driver Package (11/16/2007 6.0.2.0)

"AC3Filter" = AC3Filter (remove only)

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"AOL Instant Messenger" = AOL Instant Messenger

"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_18261043" = SoftV92 Data Fax Modem with SmartCP

"DivX Content Uploader" = DivX Content Uploader

"DVD Shrink_is1" = DVD Shrink 3.2

"eMule" = eMule

"FLVPlayer" = FLV Player 1.3.3

"GSpot" = GSpot Codec Information Appliance

"Hcontrol" = ATK0100 ACPI UTILITY

"meGUI modern media encoder" = meGUI modern media encoder (remove only)

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)

"Official Factory Repair Manual Audi 100, A6 1992-1997" = Official Factory Repair Manual Audi 100, A6 1992-1997

"Panerai" = Panerai

"ProInst" = Intel® PROSet/Wireless Software

"RealPlayer 6.0" = RealPlayer

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"SpeedFan" = SpeedFan (remove only)

"tournamentgames_3.exe" = Tournament Games (remove only)

"uTorrent" = µTorrent

"VCDS Release 805" = VCDS Release 805.1

"Viewpoint Manager" = Viewpoint Manager (Remove Only)

"Viewpoint Toolbar" = Viewpoint Toolbar

"ViewpointMediaPlayer" = Viewpoint Media Player

"Win Antivirus Pro" = Windows Antivirus Pro

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinRAR archiver" = WinRAR archiver

"Xvid_is1" = Xvid 1.1.2 final uninstall

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Customizations" = Yahoo! Browser Services

"Yahoo! Internet Mail" = Yahoo! Internet Mail

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Toolbar" = Yahoo! Toolbar

"YInstHelper" = Yahoo! Install Manager

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ESPN Java Check" = ESPN Java Check

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

Share this post


Link to post
Share on other sites
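
The File Associations section of the Extras log above can be triaged mechanically. The following is an added example (not part of the original thread and not OTL's own code) that parses those lines and flags extensions whose ProgID differs from the Windows default, whose handler cannot be resolved, or whose self-launching class (such as exefile, whose default open command is `"%1" %*`) resolves to a separate binary. The function names, finding codes and the default-ProgID table are assumptions of this sketch.

```python
import re

# Lines copied from the "File Associations" section of the OTL Extras log in this thread.
SAMPLE_LOG = r"""========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\WINDOWS\System32\desot.exe ()
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbs [@ = ft000002] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
========== Security Center Settings ==========
"""

# Default ProgIDs that Windows registers for executable and script extensions.
DEFAULT_PROGID = {
    ".exe": "exefile", ".com": "comfile", ".bat": "batfile", ".cmd": "cmdfile",
    ".scr": "scrfile", ".pif": "piffile", ".hta": "htafile",
    ".js": "JSFile", ".jse": "JSEFile", ".vbs": "VBSFile", ".vbe": "VBEFile",
    ".wsf": "WSFFile", ".wsh": "WSHFile",
}

# Classes whose open command starts with "%1": the file launches itself, so the
# association should never resolve to some other binary on disk.
SELF_LAUNCHING = {"exefile", "comfile", "batfile", "cmdfile", "scrfile", "piffile"}

ASSOC_RE = re.compile(r"^(\.\w+) \[@ = (.*?)\] -- (.*)$")
TARGET_RE = re.compile(r"^(.*?)\s*\(([^()]*)\)$")  # "<path> (<company name>)"


def parse_associations(log_text):
    """Yield (ext, progid, target) for each line of the File Associations section."""
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_section = "File Associations" in line
            continue
        match = ASSOC_RE.match(line) if in_section else None
        if match:
            yield match.group(1).lower(), match.group(2).strip(), match.group(3).strip()


def audit_associations(log_text):
    """Return {extension: [finding codes]} for associations that look wrong."""
    findings = {}
    for ext, progid, target in parse_associations(log_text):
        codes = []
        expected = DEFAULT_PROGID.get(ext)
        if progid.startswith("Reg Error"):
            codes.append("progid-unreadable")
        elif expected and progid.lower() != expected.lower():
            codes.append("progid-changed")

        if target.startswith("Reg Error"):
            codes.append("handler-missing")
        elif target.startswith('"%1"'):
            pass  # the file launches itself: the expected state for exefile etc.
        else:
            match = TARGET_RE.match(target)
            company = match.group(2).strip() if match else ""
            if expected in SELF_LAUNCHING:
                codes.append("handler-hijacked")
            elif not company:
                codes.append("handler-no-vendor")
        if codes:
            findings[ext] = codes
    return findings


if __name__ == "__main__":
    for ext, codes in audit_associations(SAMPLE_LOG).items():
        print(f"{ext:6} {', '.join(codes)}")
```
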

OTL logfile created on: 8/19/2009 11:19:54 AM - Run 2

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\david wang\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

502.80 Mb Total Physical Memory | 208.18 Mb Available Physical Memory | 41.40% Memory free

1.20 Gb Paging File | 1.03 Gb Available in Paging File | 85.88% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 18.62 Gb Total Space | 7.17 Gb Free Space | 38.52% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: DAVID

Current User Name: david wang

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Documents and Settings\david wang\Desktop\dave.com.exe (OldTimer Tools)

 

========== Win32 Services (SafeList) ==========

 

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)

SRV - (browserctl [Auto | Stopped]) -- C:\Program Files\BrowserCtl\BrowserCtl.dll ()

SRV - (EvtEng [Auto | Stopped]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (RegSrvc [Auto | Stopped]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (S24EventMonitor [Auto | Stopped]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (sys [Auto | Stopped]) -- C:\Program Files\sys\sys.dll ()

SRV - (UMWdf [Auto | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

SRV - (Viewpoint Manager Service [Auto | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

 

========== Driver Services (SafeList) ==========

 

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)

DRV - (AegisP [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)

DRV - (browserctldrv [system | Running]) -- C:\Program Files\BrowserCtl\BrowserCtl.sys (BrowserCtl)

DRV - (FTD2XX [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\VAGUSB.sys (FTDI Ltd.)

DRV - (giveio [boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()

DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)

DRV - (mdmxsdk [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ATKACPI.sys ()

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (rmedia [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\rmedia.sys (REDC)

DRV - (RT-USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\RT-USB.sys (Ross-Tech, LLC)

DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)

DRV - (s24trans [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation)

DRV - (SASDIFSV [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)

DRV - (speedfan [boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)

DRV - (sysdrv [system | Running]) -- C:\Program Files\sys\sys.sys (sys)

DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys (Microsoft Corporation)

DRV - (VAGUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\VAGUSB.sys (FTDI Ltd.)

DRV - (w22n51 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\w22n51.sys (Intel® Corporation)

DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys (Intel® Corporation)

DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)

DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"

FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q="

FF - prefs.js..browser.search.order.1: "Fast Browser Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?p=1151392084"

FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.0.9

FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20081203

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={E113B85B-DB91-D189-5821-5BE04612C681}&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/10 23:32:08 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/10 23:32:08 | 00,000,000 | ---D | M]

 

[2008/08/14 22:47:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Extensions

[2008/08/14 22:47:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/08/18 14:10:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Firefox\Profiles\1387k14y.default\extensions

[2009/02/02 12:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Firefox\Profiles\1387k14y.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2009/03/28 19:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Firefox\Profiles\1387k14y.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}

[2006/09/15 10:35:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\mozilla\Firefox\Profiles\1387k14y.default\extensions\[email protected]

[2008/08/14 22:47:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/08/10 23:32:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/10 23:31:59 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/08/10 23:31:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2008/12/04 09:14:08 | 00,211,456 | ---- | M] () -- C:\Program Files\mozilla firefox\components\srff.dll

[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll

[2007/02/23 00:25:15 | 00,700,416 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll

[2007/02/23 18:51:35 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2006/09/15 12:10:21 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll

[2009/08/10 23:32:00 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL

[2006/12/18 05:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2007/05/17 10:10:35 | 00,144,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2006/11/25 19:11:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2007/05/17 10:10:49 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll

[2007/05/17 10:10:34 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2009/03/06 09:53:13 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/03/06 09:53:13 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/03/06 09:53:13 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/03/06 09:53:13 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/03/28 19:54:36 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png

[2009/03/28 19:54:36 | 00,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml

[2009/03/06 09:53:13 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/03/06 09:53:13 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/03/06 09:53:13 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

 

O1 HOSTS File: (143 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 209.44.111.62 antispy.microsoft.com

O1 - Hosts: 209.44.111.62 antiaware-pro.com

O1 - Hosts: 209.44.111.62 www.antiaware-pro.com

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll (Viewpoint Corporation)

O2 - BHO: (ICQSys (IE PlugIn)) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\System32\dddesot.dll (ASC - AntiSpyware)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll (Viewpoint Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [pp] C:\windows\pp10.exe ()

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [sysfbtray] c:\windows\freddy57.exe ()

O4 - HKLM..\Run: [sysldtray] C:\windows\ld11.exe ()

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found

O4 - HKCU..\Run: [GetModule36] C:\Program Files\GetModule\GetModule36.exe File not found

O4 - HKCU..\Run: [GetPack28] C:\Program Files\GetPack\GetPack28.exe File not found

O4 - HKCU..\Run: [ikrk] C:\PROGRA~1\COMMON~1\ikrk\ikrkm.exe File not found

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [Twain] C:\Documents and Settings\david wang\Application Data\Twain\Twain.exe File not found

O4 - HKCU..\Run: [VnrPack22] C:\Program Files\VnrPack\VnrPack22.exe File not found

O4 - HKCU..\Run: [VnrPack23] C:\Program Files\VnrPack\VnrPack23.exe File not found

O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\david wang\Start Menu\Programs\Startup\RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.exe (Ross-Tech, LLC)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1

O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2006/09/22 19:24:11 | 00,000,000 | ---D | M]

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2006/09/22 19:24:11 | 00,000,000 | ---D | M]

O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2006/09/22 19:24:11 | 00,000,000 | ---D | M]

O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2006/09/22 19:24:11 | 00,000,000 | ---D | M]

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O13 - ftp Prefix: missing

O13 - gopher Prefix: missing

O13 - home Prefix: missing

O13 - mosaic Prefix: missing

O13 - www Prefix: missing

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {3234504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/a/0...5ce/mpg4dmo.CAB (Reg Error: Key error.)

O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.203 85.255.112.217

O18 - Protocol\Handler\httpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\httpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (lrmgig.dll) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O29 - HKLM SecurityProviders - (digeste.dll) - File not found

O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxyxurQg) - File not found

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/06/23 19:30:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[3 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009/08/19 11:10:04 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\david wang\Desktop\dave.com.exe

[2009/08/19 11:08:47 | 00,359,932 | ---- | C] () -- C:\firefox.exe.scr

[2009/08/19 11:06:55 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\dds.scr

[2009/08/19 11:01:19 | 02,585,872 | ---- | C] (Microsoft Corporation) -- C:\WindowsInstaller-KB893803-v2-x86.exe

[2009/08/18 14:01:19 | 00,000,473 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\Shortcut to firefox.lnk

[2009/08/12 12:40:05 | 00,279,461 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\gmer.zip

[2009/08/12 12:16:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2009/08/12 09:29:04 | 00,002,922 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\fix.vbs

[2009/08/12 09:28:24 | 00,001,085 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\xp_exe_fix.zip

[2009/08/11 16:05:11 | 00,817,664 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\david wang\Desktop\depends.exe

[2009/08/11 15:58:19 | 01,821,192 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\david wang\Desktop\vcredist_x86.exe

[2009/08/11 15:47:27 | 00,959,573 | ---- | C] () -- C:\Documents and Settings\david wang\Desktop\EFRCSetup.exe

[2009/08/10 23:59:26 | 00,008,550 | ---- | C] () -- C:\WINDOWS\System32\wispex.html

[2009/08/10 23:59:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images

[2009/08/10 23:58:23 | 00,000,064 | ---- | C] () -- C:\WINDOWS\ppp4.dat

[2009/08/10 23:58:23 | 00,000,001 | ---- | C] () -- C:\WINDOWS\ppp3.dat

[2009/08/10 23:58:19 | 00,827,392 | ---- | C] (ASC - AntiSpyware) -- C:\WINDOWS\System32\dddesot.dll

[2009/08/10 23:58:19 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\bennuar.old

[2009/08/10 23:58:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\desot.exe

[2009/08/10 23:58:18 | 00,000,093 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm

[2009/08/10 23:58:18 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat

[2009/08/10 23:57:56 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Antivirus Pro

[2009/08/10 23:33:05 | 00,000,000 | ---D | C] -- C:\Program Files\BrowserCtl

[2009/08/10 23:32:55 | 00,000,002 | ---- | C] () -- C:\WINDOWS10112010146120114.dat

[2009/08/10 23:31:44 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\th823567.dat

[2009/08/10 23:31:43 | 00,030,208 | ---- | C] () -- C:\WINDOWS\freddy57.exe

[2008/12/03 01:50:02 | 00,865,158 | -HS- | C] () -- C:\WINDOWS\System32\gQruxyxx.ini2

[2008/12/03 01:49:59 | 00,865,158 | -HS- | C] () -- C:\WINDOWS\System32\gQruxyxx.ini

[2007/01/18 11:28:57 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2007/01/18 11:28:57 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007/01/12 21:08:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2006/12/12 12:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2006/07/25 13:32:11 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\auc4.ini

[2006/06/27 00:55:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/06/26 19:18:11 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS.SYS

[2006/06/23 19:52:40 | 00,005,786 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys

[2006/06/23 19:48:43 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS

[2004/08/04 08:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2004/08/04 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/08/04 08:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/04 08:00:00 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini

[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

 

========== Files - Modified Within 30 Days ==========

 

[3 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009/08/19 11:09:39 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\david wang\Desktop\dave.com.exe

[2009/08/19 11:07:38 | 00,359,932 | ---- | M] () -- C:\firefox.exe.scr

[2009/08/19 11:06:36 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\dds.scr

[2009/08/19 11:01:14 | 02,585,872 | ---- | M] (Microsoft Corporation) -- C:\WindowsInstaller-KB893803-v2-x86.exe

[2009/08/18 14:01:19 | 00,000,473 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\Shortcut to firefox.lnk

[2009/08/18 13:59:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/08/18 13:59:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/08/12 15:49:08 | 00,002,922 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\fix.vbs

[2009/08/12 12:39:57 | 00,279,461 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\gmer.zip

[2009/08/12 09:28:01 | 00,001,085 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\xp_exe_fix.zip

[2009/08/11 15:58:18 | 01,821,192 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\david wang\Desktop\vcredist_x86.exe

[2009/08/11 15:47:31 | 00,959,573 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\EFRCSetup.exe

[2009/08/11 09:54:34 | 11,570,426 | ---- | M] () -- C:\Documents and Settings\david wang\Desktop\I Gotta Feeling - Black Eyed Peas.mp3

[2009/08/11 00:03:52 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\desot.exe

[2009/08/11 00:03:50 | 00,000,064 | ---- | M] () -- C:\WINDOWS\ppp4.dat

[2009/08/11 00:03:50 | 00,000,001 | ---- | M] () -- C:\WINDOWS\ppp3.dat

[2009/08/11 00:03:25 | 00,827,392 | ---- | M] (ASC - AntiSpyware) -- C:\WINDOWS\System32\dddesot.dll

[2009/08/10 23:58:19 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\bennuar.old

[2009/08/10 23:58:18 | 00,000,093 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm

[2009/08/10 23:58:18 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat

[2009/08/10 23:32:55 | 00,000,002 | ---- | M] () -- C:\WINDOWS10112010146120114.dat

[2009/08/10 23:31:44 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\th823567.dat

[2009/08/10 23:31:43 | 00,030,208 | ---- | M] () -- C:\WINDOWS\freddy57.exe

 

========== LOP Check ==========

 

[2008/10/28 12:22:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2006/06/27 23:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink

[2006/07/07 00:34:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel

[2008/10/28 12:19:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2006/10/04 00:49:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/02/02 12:06:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\david wang\Application Data

[2006/06/27 11:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Aim

[2006/06/28 21:26:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Downloaded Installations

[2009/02/02 11:03:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\GetModule

[2006/07/07 00:35:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Intel

[2009/02/02 12:06:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Twain

[2008/09/23 19:31:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\uTorrent

[2007/01/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\david wang\Application Data\Viewpoint

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Hi again,

 

Good to see you made OTL run :)

 

 

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

 

Download Combofix from any of the links below. You must rename it before saving it (use name sVCHost.exe). Save it to your desktop.

 

Link 1

Link 2

Link 3

 


--------------------------------------------------------------------

 

Double click on sVCHost.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Blade,

Thanks for your help. Whatever Combofix was, it did the trick. Laptop is back to normal... Should I keep the Combofix application to run for future use or is it a one time fix application only applicable this time?

 

BTW, when I was stuck with OTL (when it wouldn't run), I searched further on the web looking for anything similar to fix the issue. I found and DLed vcredist_x86. It allowed me to run any new DLed exe applications. I don't know what it was, but it allowed me to run OTL.

This topic is now closed to further replies.