Unable to install antivirus

Posted 7/13/2010 1:07 PM
#87591

phantom24 Member

Date Joined Nov 2016
Total Posts: 6
I have a problem with my laptop. My antivirus is not working and I can't install any new antivirus or re-install it. It keeps saying that it can't find the file. And I saw some thread that says there is a virus that is blocking my laptop from installing antivirus. Can I know what that virus is and how I can remove it? I seriously need help! Please!
Posted 7/14/2010 4:32 AM
#87600

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello and welcome :smile:

Please follow this guide:

Before-posting-a-log

Follow the instructions and copy the logs here, in this Topic.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/14/2010 11:16 AM
#87607

phantom24 Member

Date Joined Nov 2016
Total Posts: 6
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:35, on 2010/7/14
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Posted 7/14/2010 3:27 PM
#87613

phantom24 Member

Date Joined Nov 2016
Total Posts: 6
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4312

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

2010/7/14 21:14:57
mbam-log-2010-07-14 (21-14-57).txt

Scan type: Full scan (C:\|D:\|R:\|)
Objects scanned: 248883
Time elapsed: 1 hour(s), 55 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 72
Registry Values Infected: 8
Registry Data Items Infected: 1
Folders Infected: 6
Files Infected: 27
Posted 7/14/2010 3:29 PM
#87614

phantom24 Member

Date Joined Nov 2016
Total Posts: 6
DDS (Ver_10-03-17.01) - NTFSx86
Run by Khai Ling at 18:57:02.31 on 2010/07/14 三
Internet Explorer: 8.0.6001.18928
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
BindDirectlyToPropertySetStorage = 0 (0x0) <br/>mPolicies-system: EnableUIADesktopToggle = 0 (0x0) <br/>IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 <br/>IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html <br/>IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm <br/>IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm <br/>IE: ê1ó??ì3μ3???? - c:\users\khai ling\appdata\roaming\flashgetbho\GetUrl.htm <br/>IE: ê1ó??ì3μ3????è?2?á′?ó - c:\users\khai ling\appdata\roaming\flashgetbho\GetAllUrl.htm <br/>IE: 使用快车3下载 - c:\users\khai ling\appdata\roaming\flashgetbho\GetUrl.htm <br/>IE: 使用快车3下载全部链接 - c:\users\khai ling\appdata\roaming\flashgetbho\GetAllUrl.htm <br/>IE: 使用电驴下载 - c:\program files\easymule\IE2EM.htm <br/>IE: 使用迅雷下载 - c:\users\public\thunder network\thunder\program\geturl.htm <br/>IE: 使用迅雷下载全部链接 - c:\users\public\thunder network\thunder\program\getallurl.htm <br/>IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm <br/>IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll <br/>IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll <br/>IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL <br/>Trusted Zone: kuaiche.com\software <br/>DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab <br/>DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab <br/>DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab <br/>TCP: {3012122F-5F3A-4186-9899-B6D64A600C7E} = 203.82.64.145 203.82.64.129 <br/>Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll <br/>Notify: igfxcui - igfxdev.dll <br/>IFEO: kxedefend.exe - ntsd -d <br/>IFEO: 360hotfix.exe - ntsd -d <br/>IFEO: 360rp.exe - ntsd -d <br/>IFEO: 360rpt.exe - ntsd -d <br/>IFEO: 360safe.exe - ntsd -d <br/> <br/>Note: multiple IFEO entries found. Please refer to Attach.txt <br/> <br/>============= SERVICES / DRIVERS =============== <br/> <br/>R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-6-9 17192] <br/>R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a1ffb3e6\AEstSrv.exe [2009-6-9 81920] <br/>R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-19 155648] <br/>R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-6-9 143840] <br/>R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-6-9 112640] <br/>R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-5-23 58016] <br/>R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-5-8 41504] <br/>R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-3-6 133632] <br/>R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-7-7 272256] <br/>S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] <br/>S2 gupdate1ca1b4ce0fedbd2;Google Update Service (gupdate1ca1b4ce0fedbd2);c:\program files\google\update\GoogleUpdate.exe [2009-8-12 133104] <br/>S2 Network;Network Monitor of Microsoft Windows;c:\windows\MsNetwork.exe [2010-1-21 466944] <br/>S3 btwl2cap;Bluetooth L2CAP 
Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-6 29736] <br/>S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] <br/>S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\cmusbser.sys [2009-8-27 97408] <br/>S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] <br/> <br/>=============== Created Last 30 ================ <br/> <br/>2010-07-14 10:29:22 0 d-----w- c:\programdata\Yahoo! Companion <br/>2010-07-14 10:29:19 0 d-----w- c:\program files\Yahoo! <br/>2010-07-14 10:29:13 0 d-----w- c:\program files\CCleaner <br/>2010-07-14 07:22:18 15360 ----a-w- c:\windows\system32\syswsock32.dll <br/>2010-07-14 07:21:39 20628 ----a-w- c:\windows\system32\asktao.mod.dll <br/>2010-07-14 07:21:03 27284 ----a-w- c:\windows\system32\my.exe.dll <br/>2010-07-14 07:20:11 4608 ----a-w- c:\windows\system32\aksuser.dll <br/>2010-07-12 20:57:04 53785488 ----a-w- c:\users\khai ling\setup_av_free.exe <br/>2010-07-12 19:48:30 0 d-----w- c:\programdata\Alwil Software <br/>2010-07-12 18:14:17 152968 ----a-w- c:\program files\QvodSetupPlus3.exe <br/>2010-07-06 14:39:32 166 ----a-w- c:\users\khai ling\酷小牛小说网-海量小说下载.url <br/>2010-07-06 14:39:18 67743 ----a-w- c:\users\khai ling\tianmideyingsu.rar <br/>2010-06-25 03:09:03 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll <br/>2010-06-25 03:09:03 49472 ----a-w- c:\windows\system32\netfxperf.dll <br/>2010-06-25 03:09:03 297808 ----a-w- c:\windows\system32\mscoree.dll <br/>2010-06-25 03:09:03 295264 ----a-w- c:\windows\system32\PresentationHost.exe <br/>2010-06-25 03:09:03 1130824 ----a-w- c:\windows\system32\dfshim.dll <br/>2010-06-24 08:57:31 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll <br/>2010-06-24 08:57:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll <br/> 
<br/>==================== Find3M ==================== <br/> <br/>2010-07-14 10:42:20 20628 ----a-w- c:\windows\system32\ksuser.dll <br/>2010-07-14 07:21:39 20628 ----a-w- c:\windows\system32\TEMDF27.tmp <br/>2010-07-12 18:15:40 13664256 ----a-w- c:\program files\QvodSetupPlus.exe.!qd <br/>2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll <br/>2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll <br/>2010-05-26 09:14:54 86016 ----a-w- c:\windows\inf\infstor.dat <br/>2010-05-26 09:14:54 51200 ----a-w- c:\windows\inf\infpub.dat <br/>2010-05-26 09:14:54 143360 ----a-w- c:\windows\inf\infstrng.dat <br/>2010-05-21 06:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe <br/>2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll <br/>2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll <br/>2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll <br/>2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe <br/>2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys <br/>2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll <br/>2009-11-18 19:02:41 665600 ----a-w- c:\windows\inf\drvindex.dat <br/>2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini <br/>2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat <br/>2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat <br/>2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat <br/>2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat <br/>2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat <br/>2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat <br/>2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat <br/>2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat <br/>2009-06-09 11:09:41 76 --sha-r- c:\windows\CT4CET.bin <br/>2010-03-24 21:09:57 16384 
--sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat <br/>2010-03-24 21:09:57 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat <br/>2010-03-24 21:09:57 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat <br/>2010-04-12 11:08:05 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat <br/>2009-11-17 08:49:52 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat <br/> <br/>============= FINISH: 18:57:52.07 ===============
Posted 7/14/2010 3:30 PM
#87615
phantom24 Member

Date Joined Nov 2016
Total Posts: 6
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)

Motherboard: Dell Inc. | | 0186NX
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | U2E1 | 800/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 59 GiB total, 17.146 GiB free.
D: is FIXED (NTFS) - 230 GiB total, 44.962 GiB free.
R: is FIXED (NTFS) - 10 GiB total, 4.612 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0029
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0029
Service: tunnel

==== System Restore Points ===================

RP346: 2010/7/9 2:01:50 - Windows Update
RP347: 2010/7/13 2:25:08 - Windows Update
RP348: 2010/7/13 3:48:12 - avast! Free Antivirus Setup
RP349: 2010/7/13 3:58:30 - Windows Update
RP350: 2010/7/13 4:17:28 - avast! Free Antivirus Setup
RP352: 2010/7/13 13:06:06 - avast! Free Antivirus Setup

==== Image File Execution Options =============

IFEO: kxedefend.exe - ntsd -d
IFEO: 360hotfix.exe - ntsd -d
IFEO: 360rp.exe - ntsd -d
IFEO: 360rpt.exe - ntsd -d
IFEO: 360safe.exe - ntsd -d
IFEO: 360safebox.exe - ntsd -d
IFEO: 360sd.exe - ntsd -d
IFEO: 360se.exe - ntsd -d
IFEO: 360SoftMgrSvc.exe - ntsd -d
IFEO: 360speedld.exe - ntsd -d
IFEO: 360tray.exe - ntsd -d
IFEO: afwServ.exe - ntsd -d
IFEO: ast.exe - ntsd -d
IFEO: AvastUI.exe - ntsd -d
IFEO: avcenter.exe - ntsd -d
IFEO: avfwsvc.exe - ntsd -d
IFEO: avgnt.exe - ntsd -d
IFEO: avguard.exe - ntsd -d
IFEO: avmailc.exe - ntsd -d
IFEO: avp.exe - ntsd -d
IFEO: avshadow.exe - ntsd -d
IFEO: avwebgrd.exe - ntsd -d
IFEO: bdagent.exe - ntsd -d
IFEO: CCenter.exe - ntsd -d
IFEO: ccSvcHst.exe - ntsd -d
IFEO: dwengine.exe - ntsd -d
IFEO: egui.exe - ntsd -d
IFEO: ekrn.exe - ntsd -d
IFEO: FilMsg.exe - ntsd -d
IFEO: kavstart.exe - ntsd -d
IFEO: kissvc.exe - ntsd -d
IFEO: kmailmon.exe - ntsd -d
IFEO: kpfw32.exe - ntsd -d
IFEO: kpfwsvc.exe - ntsd -d
IFEO: kpopserver.exe - ntsd -d
IFEO: krnl360svc.exe - ntsd -d
IFEO: ksmgui.exe - ntsd -d
IFEO: ksmsvc.exe - ntsd -d
IFEO: kswebshield.exe - ntsd -d
IFEO: KVMonXP.exe - ntsd -d
IFEO: KVMonXP.kxp - ntsd -d
IFEO: KVSrvXP.exe - ntsd -d
IFEO: kwatch.exe - ntsd -d
IFEO: kwstray.exe - ntsd -d
IFEO: kxesapp.exe - ntsd -d
IFEO: kxescore.exe - ntsd -d
IFEO: kxeserv.exe - ntsd -d
IFEO: kxetray.e - ntsd -d
IFEO: livesrv.exe - ntsd -d
IFEO: Mcagent.exe - ntsd -d
IFEO: mcmscsvc.exe - ntsd -d
IFEO: McNASvc.exe - ntsd -d
IFEO: Mcods.exe - ntsd -d
IFEO: McProxy.exe - ntsd -d
IFEO: McSACore.exe - ntsd -d
IFEO: Mcshield.exe - ntsd -d
IFEO: mcsysmon.exe - ntsd -d
IFEO: mcvsshld.exe - ntsd -d
IFEO: MpfSrv.exe - ntsd -d
IFEO: MPMon.exe - ntsd -d
IFEO: MPSVC.exe - ntsd -d
IFEO: MPSVC1.exe - ntsd -d
IFEO: MPSVC2.exe - ntsd -d
IFEO: msksrver.exe - ntsd -d
IFEO: qutmserv.exe - ntsd -d
IFEO: RavMonD.exe - ntsd -d
IFEO: RavTask.exe - ntsd -d
IFEO: RsAgent.exe - ntsd -d
IFEO: rsnetsvr.exe - ntsd -d
IFEO: RsTray.exe - ntsd -d
IFEO: safeboxTray.exe - ntsd -d
IFEO: ScanFrm.exe - ntsd -d
IFEO: sched.exe - ntsd -d
IFEO: seccenter.exe - ntsd -d
IFEO: SfCtlCom.exe - ntsd -d
IFEO: spideragent.exe - ntsd -d
IFEO: SpIDerMl.exe - ntsd -d
IFEO: spidernt.exe - ntsd -d
IFEO: spiderui.exe - ntsd -d
IFEO: TMBMSRV.exe - ntsd -d
IFEO: TmProxy.exe - ntsd -d
IFEO: Twister.exe - ntsd -d
IFEO: UfSeAgnt.exe - ntsd -d
IFEO: vsserv.exe - ntsd -d
IFEO: zhudongfangyu.exe - ntsd -d
IFEO: 修复工具.exe - ntsd -d

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Advanced Audio FX Engine
Alarm Clock v1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Battery Meter
Bonjour
CCleaner
Chinese Simplified Fonts Support For Adobe Reader 9
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cole2k Media - Codec Pack (Advanced) 7.9.0
Dell DataSafe Online
Dell Dock
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
easyMule
EMSC
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HSDPA USB Modem version 4.882
IDT Audio
iFinger
Integrated Webcam Driver (1.04.01.0708)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel? Matrix Storage Manager
IrfanView (remove only)
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
Live! Cam Avatar Creator
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
ó??á i?á
O2Micro Flash Memory Card Windows Driver
óD±?MSN1ü?ò 1.0
ODD Eject
OGA Notifier 2.0.0048.0
PPStream V2.6.86.9050 Final
QuickTime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
SPlayer
The KMPlayer (remove only)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WIDCOMM Bluetooth Software 6.2.0.6600
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Wireless Select Switch
Yahoo! 工具列
千千静听 5.5.2

==== Event Viewer Messages From Past Week ========

2010/7/14 18:46:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
2010/7/14 18:41:40, Error: Service Control Manager [7023] - The fastuserswitchingcompatibility service terminated with the following error: The specified procedure could not be found.
2010/7/14 18:41:40, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2010/7/14 18:41:40, Error: Service Control Manager [7000] - The 73DF6AF5 service failed to start due to the following error: The system cannot find the file specified.
2010/7/14 16:54:06, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Resolved(Resolved) state
2010/7/14 16:45:35, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
2010/7/14 16:41:27, Error: Service Control Manager [7000] - The Avira AntiVir Scheduler service failed to start due to the following error: The system cannot find the file specified.
2010/7/14 16:41:27, Error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The system cannot find the file specified.
2010/7/14 15:41:24, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.
2010/7/14 15:41:24, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
2010/7/14 15:35:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
2010/7/14 15:27:09, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
2010/7/14 15:25:06, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
2010/7/14 15:21:55, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
2010/7/14 15:21:55, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010/7/14 15:19:03, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00265E1BE264 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2010/7/14 0:36:35, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00265E1BE264 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2010/7/13 13:03:16, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 00265E1BE264 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
Posted 7/14/2010 3:33 PM
#87616
phantom24 Member

Date Joined Nov 2016
Total Posts: 6
Now the laptop is running slow, especially when I was online, and the audio system is not working, no sound at all. Very worried.......:(
Posted 7/14/2010 4:38 PM
#87617
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
I have some suspicions that this could be pretty bad, but let's run a scan to see what we're dealing with.
Download CureIt to the desktop:
http://www.freedrweb.com/cureit/?lng=en

Click on the CureIt Download button.

Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.

Once the short scan has finished, mark the drives that you want to scan.
Move dot to Complete scan.

Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, in the menu, click file and choose save report list.
Save the report to your desktop. The report will be called DrWeb.csv

Close Dr.Web Cureit.

Please post the Dr.Web report in your next reply.

Posted 7/26/2010 1:34 PM
#87929
rainbowl55 Member

Date Joined Nov 2016
Total Posts: 1
Hi, anyone know how to fix the issue? Thank you in advance.
Posted 7/26/2010 1:47 PM
#87930
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello rainbowl55

[code]Hi, anyone know how to fix the issue? Thank you in advance.[/code]

What issue?
