Help - Unable to launch IE or FF - unable to run DDS

Extras.txt

OTL Extras logfile created on: 5/10/2011 7:42:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lee F. Mallory\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.09 Gb Total Space | 15.40 Gb Free Space | 16.54% Space Free | Partition Type: FAT32
Drive E: | 999.72 Mb Total Space | 555.81 Mb Free Space | 55.60% Space Free | Partition Type: FAT

Computer Name: LFM-01 | User Name: Lee F. Mallory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Vid\Vid.exe" = C:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\NMSRVC.EXE" = C:\Program Files\Common Files\Pure Networks Shared\Platform\NMSRVC.EXE:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0D4B37-1D9A-4FB0-A232-61932F92CD21}" = Autodesk Navisworks Manage 2011 (32 bit) 2011 DWG File Reader
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D9AD604-560C-0000-AAA8-C0043D41F03A}" = Autodesk Navisworks Manage 2011 (32 bit) 2010 DWG File Reader
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EE1FCA9-7474-4143-8F22-E7AD998FACBF}" = Autodesk Revit Structure 2011
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{164EB480-180D-4779-9B07-0B0AF7753C9F}" = Panavue ImageAssembler Enterprise 3.0 (Trial)
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B868720-ED88-4531-8892-3A35A76E48FE}" = TurboTax 2010 wfliper
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30499511-7C2F-40F7-8BF7-262A87070B40}" = Autodesk Navisworks Manage 2011 (32 bit) 2008 DWG File Reader
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{35738946-FE22-0000-8916-2CE9119C21D5}" = Autodesk Navisworks Freedom 2011
"{35738946-FE22-0409-8916-2CE9119C21D5}" = Autodesk Navisworks Freedom 2011 English Language Pack
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3712BB20-EAA2-012B-AD56-000000000000}" = TurboTax 2009 wfliper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CEBAF73-715A-4AC0-BB14-C9AC6B7D453F}" = Autodesk Navisworks Manage 2011 (32 bit) 2009 DWG File Reader
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{41EEF558-3585-4020-8DF2-B182A0CE2D69}" = Autodesk Vault 2011 (Client)
"{41EEF558-3585-4028-8DF2-B182A0CE2D69}" = Autodesk Vault 2011 (Client) English Language Pack
"{44B3522B-195C-488D-84AC-9526FA99CB73}" = Motorola Handset USB Driver
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF99FCA-1D0C-4D5A-9BFE-0D4376A52B23}" = Autodesk Revit Architecture 2011
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-9000-0409-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2011
"{5783F2D7-9000-0409-1002-0060B0CE6BBA}" = AutoCAD Civil 3D 2011 Language Pack - English
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5E152D08-572A-3375-8FDE-DAD1EFB379BA}" = Microsoft Report Viewer Redistributable 2008
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67574624-BF0F-0409-AF6D-19FBD86FF7F7}" = Autodesk 3ds Max 2011 32-bit
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6CDAED1C-5B60-4818-88A7-E4A90CD367AF}" = Wave Support Software
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{71F89FF7-C913-4A99-B4D9-C05BAA20790B}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1" = File Helper 2.5.3.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F4DD591-1532-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1532-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 English Language Pack
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C3B5851-5A51-4FF6-A3C8-3422EE2D0109}" = Autodesk Navisworks 2011 2004-6 DWG File Reader Runtimes
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9709ACB8-430D-4136-A610-F218E4A33CC5}" = Autodesk Navisworks Manage 2011 (32 bit) 2004 DWG File Reader
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{99F80251-DAE8-0409-BD08-DCBBEF56B8CB}" = Autodesk 3ds Max 2011 32-bit Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B46E7E8-3E7D-480d-B717-D5A047F66425}" = Autodesk Impression 3
"{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}" = Venturi Client 2.3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD7D1D0E-B328-4955-87A1-BD5AF49E53CD}" = Autodesk Navisworks Manage 2011 (32 bit) 2005 DWG File Reader
"{AE765884-4770-4A92-82D9-AB3192512B31}" = Preboot Manager
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B5AB9CB4-4AAE-44CC-A6AF-37388326E85F}" = Wave Infrastructure Installer
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C037F379-977E-0000-8901-BE4EA1969492}" = Autodesk Navisworks Manage 2011
"{C037F379-977E-0409-8901-BE4EA1969492}" = Autodesk Navisworks Manage 2011 English Language Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCCB80C8-5CC5-4EB7-89D0-F18E405F18F9}" = Autodesk Revit MEP 2011
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF3BB92C-1E4D-4CDF-BB97-9786C16649FF}" = Snitch
"{D1183FA8-AA29-4C82-B998-9593D7AF42FE}" = NTRU Hybrid TSS v2.0.7
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDBE4C11-8D5E-44A2-A342-AF12145E9118}" = Autodesk Navisworks Manage 2011 (32 bit) 2006 DWG File Reader
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40F6EE7-A781-4B01-A12A-B777E5BE69CD}" = Autodesk Navisworks Manage 2011 (32 bit) 2007 DWG File Reader
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E70A81D3-0953-4F9C-AE71-71D6E7DEB482}" = Power BibleCD 5.5
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EAFA85AA-CCF3-0000-8D4F-4557F945C865}" = Autodesk Navisworks 2011 32 bit Exporter Plug-ins
"{EAFA85AA-CCF3-0409-8D4F-4557F945C865}" = Autodesk Navisworks 2011 32 bit Exporter Plug-ins English Language Pack
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Akamai" = Akamai NetSession Interface
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AutoCAD Civil 3D 2011" = AutoCAD Civil 3D 2011
"AutoCAD Civil 3D 2011 Version 2.1" = AutoCAD Civil 3D 2011 Version 2.1
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 English
"Autodesk Inventor Professional 2011 SP1" = Autodesk Inventor Professional 2011 SP1
"Autodesk Navisworks 2011 32 bit Exporter Plug-ins" = Autodesk Navisworks 2011 32 bit Exporter Plug-ins
"Autodesk Navisworks Freedom 2011" = Autodesk Navisworks Freedom 2011
"Autodesk Navisworks Manage 2011" = Autodesk Navisworks Manage 2011
"Autodesk Revit Architecture 2011" = Autodesk Revit Architecture 2011
"Autodesk Revit Architecture 2011 SP2" = Autodesk Revit Architecture 2011 x86 Update 2
"Autodesk Revit MEP 2011" = Autodesk Revit MEP 2011
"Autodesk Revit MEP 2011 SP2" = Autodesk Revit MEP 2011 x86 Update 2
"Autodesk Revit Structure 2011" = Autodesk Revit Structure 2011
"Autodesk Revit Structure 2011 SP2" = Autodesk Revit Structure 2011 x86 Update 2
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"DWG TrueView 2011" = DWG TrueView 2011
"Europe Language Companion" = Europe Language Companion
"ExamView Pro" = ExamView Pro
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"ie8" = Windows Internet Explorer 8
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{6CDAED1C-5B60-4818-88A7-E4A90CD367AF}" = Wave Support Software
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"InteGrade Pro" = InteGrade Pro
"IObit Security 360_is1" = IObit Security 360
"Lexmark 4300 Series" = Lexmark 4300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2008" = Microsoft Report Viewer Redistributable 2008
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"Rosetta Stone 2.1.4.1A" = Rosetta Stone 2.1.4.1A
"ScrewDrivers Client v3" = ScrewDrivers Client v3
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"Veehd Plugin" = Veehd Plugin
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Visioneer PaperPort Viewer 5.0" = Visioneer PaperPort Viewer 5.0
"Volo View Express" = Volo View Express
"VZAccess Manager" = VZAccess Manager
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3923555660-1190350133-623060438-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2011 2:51:28 PM | Computer Name = LFM-01 | Source = Application Hang | ID = 1002
Description = Hanging application LWS.exe, version 13.0.1774.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2011 10:53:00 PM | Computer Name = LFM-01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0016225f.

Error - 5/7/2011 11:33:26 PM | Computer Name = LFM-01 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 5/8/2011 8:05:32 AM | Computer Name = LFM-01 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 5/8/2011 8:18:09 AM | Computer Name = LFM-01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0015225f.

Error - 5/8/2011 8:18:38 AM | Computer Name = LFM-01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x005a225f.

Error - 5/8/2011 8:18:58 AM | Computer Name = LFM-01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0015225f.

Error - 5/8/2011 9:02:42 AM | Computer Name = LFM-01 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 5/9/2011 12:04:49 AM | Computer Name = LFM-01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0015226b.

Error - 5/9/2011 12:07:46 AM | Computer Name = LFM-01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0067226b.

[ System Events ]
Error - 5/9/2011 7:15:25 PM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/9/2011 7:19:39 PM | Computer Name = LFM-01 | Source = Service Control Manager | ID = 7000
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service failed
to start due to the following error: %%2

Error - 5/9/2011 7:20:43 PM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/9/2011 7:21:40 PM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/9/2011 7:27:06 PM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/9/2011 7:34:27 PM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/9/2011 7:35:53 PM | Computer Name = LFM-01 | Source = Service Control Manager | ID = 7034
Description = The Venturi2 Client service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/9/2011 7:35:54 PM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/10/2011 5:22:51 AM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/10/2011 5:31:07 AM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >
 
Go to your Add/Remove Programs in the Control Panel and uninstall Viewpoint. It installs without your knowledge or consent, is considered adware, uses system resources and is not needed for anything.

How are things running now? Any redirects or unwanted pop-up windows?
 
KEN545

I removed Viewpoint... took a couple of tries.

Things appear to be running correctly.

I am going to re-boot as that is when I seem to have the most issues.

I will give an update when the system comes back up.

If there is an issue it may take me some time to get back online... hopefully all will go smoothly though.

Thank You

Lee
 
Received via contact form email. :)

KEN545

OK... I rebooted.

1. I'm back to no IE or FF. The error I am getting when trying to launch (when I get one) is:

Error signature:
AppName: iexplore.exe AppVer: 8.0.6001.18702 ModName: unknown
ModVer: 0.0.0.0 Offset: 0058226b

(I also have the long log saved)

2. None of my security software would load and AOL would not launch.

3. I rebooted and ran FixMBR

4. I could then access email through AOL, but no internet.

5. I could also load Malwarebytes, SpybotSD, McAfee, TDSSKiller, and IObit Security 360

I'm going, I guess, to run a scan and see what happens... the last time, after a full scan, I was able to load IE again. On the downside, it took 5 hours.

I am not sure how long this AOL "work around" is going to be up, but I will monitor it as long as possible...

Any ideas would be appreciated.

Thank You

Lee
 
Follow Up

KEN545

I found another PC to post from.

The re-boot brought me back to square one.

I have had no luck accessing the internet this time around...

let me know how to proceed.

I appreciate the assistance... got to be pretty frustrating on your end as well.

Let me know what needs to happen next

Thanks

Lee
 
Updated Follow up

I think the virus is screwing with me (lol)...

I got locked out of all the security software again,

Rebooted, ran fixmbr... now at least the security software comes up, although what good it does I am not sure.

IE & FF are both blocked from loading, not even getting error screens now.

I have the copies of Combofix, DDS, aswMBR on a thumb drive.

Thanks

Lee
 
Let's try this with Internet Explorer

Open IE (even if no internet) and go to Tools > Internet Options > Advanced Tab > Reset Internet Explorer Setting > Reset. It may take a few seconds; then OK your way out, close IE, reopen it and see if it helped.


I am going to post a fix with OTL that includes Babylon; it's not recommended.

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18707"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=18707"
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=18707&q="
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c
    
    
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
 
OTL Custom Fix results

IE will not load at all.

I ran OTE.exe with the code provided.

It goes into an almost immediate system shutdown with what looks like a system32\cmd.exe dos shell window.

Right after that opens a system shutdown window appears in the foreground.

I cannot find a log file... any idea of a name to search on or location?

Thank You

Lee
 
Updated Follow up

Ok I tried it again...

Now the system appears to be hung or locked

The "dos shell" window for system32\cmd is on the screen

The OTR window is on the screen but listed as not responding

The system shutdown alert window is over the OTR window and partially missing.

Both the "dos" and "OTR" windows can be moved around with the mouse.

No icons are on screen and there is no apparent HD activity.

Next step ctrl alt del for task manager??

Lee
 
Update

KEN545

OK... I ended up ctrl alt del to call up task manager and figure out what was going on...

It never came up and the windows on the screen disappeared, leaving nothing, so I rebooted.

The system came back up, no logs that I could find were generated.

But... Internet Explorer is back up and running (I'm using it now).

So we are making progress...

Thanks Again

Lee
 
See if you can run this and if you can then try the OTL fix again

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
 
exehelper - Results

I was able to download exehelper.com to the desktop

When I did however McAfee removed it from the system, so I turned off McAfee and re-downloaded.

I ran exehelper from the desktop and a window basically flashed on the screen. No log file that I could find was created.

I moved exehelper to a folder on the desktop and I re-ran exehelper.

This time the following log was created:

exeHelper by Raktor
Build 20100414
Run at 14:09:25 on 05/10/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...


I will now attempt to re-run OTL


Lee
 
OTL Custom Fix results

OK... OTL ran and re-booted the system when it was done

However, now I am once again locked out of IE altogether.

The only file that looks like it was created was a "cmd.txt" , but it was 0 kb


Lee
 
Let's do this


  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.



  • Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

    Run rkill repeatedly until it's able to do its job. This may take a few tries.

    You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.






Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Update

KEN545

I have downloaded the programs and will start running them now...

I'll let you know as soon as I have some results


Lee
 
Rkill - ComboFix result

I ran each of the downloaded "rkill" etc. programs until I got at least two to work.

My IE and internet connection is back up.

I downloaded ComboFix as instructed.

When I ran it the combofix progress bar came up and the bars colored all the way to the end.

Then an error box came up:

Error

You appear to have a currupt download
Please download a feresh copy of ComboFix.exe

You can close ComboFix by clicking the right corner of the progress bar

OK


At this point it is all just sitting there...

What should I do?

Lee
 
ComboFix - Additional info

I cleared the error by "X"ing out

When I go into Task Manager / Processes "ComboFix-10X.exe" is on the list with "0" CPU usage and 2,244K of memory

Does this indicate it is actually running in the background or hung up?


Lee
 
ComboFix Update

KEN545

I don't know if it is important, but I wanted to let you know that the memory usage of the ComboFix.exe has been floating around with a high of around 8000k to a low of 250k. It looks like it is spending most of its time around 1200K to 2000K

Lee
 
Bring up Task Manager using CTRL+ALT+DELETE. See if any of these processes are running. If they are, then Kill process on the first one and then try CF again; try Kill process on each one until CF runs.

findstr
sed
grep.
nircmd.exe
nircmd.cfexe
swsc.cfexe
* .. or any other process that has the .cfexe extension except for CFxxx.cfexe

If ComboFix is still 'hung', then kill process on CFxxx.cfexe
 
Cfexe or Cfxxe ?

I cannot see any ".cfexe" but have the following "cfxxe"

cmd.cfxxe

gsar.cfxxe

nircmd.cfxxe


There is no CFxxx.cfexe
 