Jump to content


Photo
- - - - -

Computer messed up!


  • This topic is locked This topic is locked
119 replies to this topic

#41 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 30 March 2008 - 01:12 PM

Is it possible to use your Ctrl + C key to copy
And Ctrl + V keys to paste?

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#42 waterburn

waterburn

    Enthusiast

  • Members
  • PipPipPipPip
  • 104 posts

Posted 30 March 2008 - 01:19 PM

I did what you asked (I think) But what do you need it for?

Just Wondering

Waterburn

#43 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 30 March 2008 - 01:22 PM

Are you going to post the results??
Is a virus scan tool, why do you think I want the results???

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#44 waterburn

waterburn

    Enthusiast

  • Members
  • PipPipPipPip
  • 104 posts

Posted 30 March 2008 - 02:13 PM

This is the link I think: http://www.virustota...7df9fe0f1bb580a

#45 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 30 March 2008 - 02:30 PM

Can you do the following

Do a "System scan only" with Hijackthis and put a check next to these entries:

O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1.GU-/LOCALS~1/Temp/msoclip1/02/clip_image002.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\My Pictures\let it snow.bmp



After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Download OTMoveIt2.exe by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the entries below in BLUE to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

    ================================================

    C:\Program Files\NetMeeting\mstinit.exe
    C:\WINNT\WH.EXE
    C:\WINNT\DLGB.EXE
    C:\WINNT\RGRT.EXE
    C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Speech\Wab64.dll



    ======================================================
  • Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Post that log
along with a fresh hijackthis log

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#46 waterburn

waterburn

    Enthusiast

  • Members
  • PipPipPipPip
  • 104 posts

Posted 30 March 2008 - 03:09 PM

Hi,

I had to retype the entries in the blue list since copy and paste only work in certain situations. For Hjack this: The entry 03 - Toolbar (Noname) - {B580C...} doesn't exist. Afterwards the background was gone but that doesn't matter.

INFO: I noticed the memory usage was MUCH lower after things started breaking down. Probably because RPC isn't started.

Here are the logs:


File move failed. C:\Program Files\NetMeeting\mstinit.exe scheduled to be moved on reboot.
File/Folder C:\WINNT\WH.EXE not found.
File/Folder C:\WINNT\DLGB.EXE not found.
File/Folder C:\WINNT\RGRT.EXE not found.
File/Folder C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe not found.
C:\Program Files\Common Files\Microsoft Shared\Speech\Wab64.dll NOT unregistered.
C:\Program Files\Common Files\Microsoft Shared\Speech\Wab64.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03302008_171141

---------------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:00, on 2008-3-30
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINNT\system32\lexpps.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [internat.exe] internat.exe (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - S-1-5-21-57989841-920026266-1202660629-500 Startup: bittorrent.exe (User '?')
O4 - Startup: bittorrent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinn...0/pool/pool.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/sec...nfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinn...man/hangman.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinn...es/wwspades.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)

--
End of file - 7395 bytes


Thanks Again!

Waterburn

#47 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 30 March 2008 - 03:24 PM

Do another scan with Hijackthis
Tick the next entry

O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)

With all windows closed, click on Fix checked

Reboot the computer

Try starting Remote Procedure Call (RPC) again

Can you also export this key again and post the contents
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#48 waterburn

waterburn

    Enthusiast

  • Members
  • PipPipPipPip
  • 104 posts

Posted 30 March 2008 - 03:27 PM

Should I do a normal scan or a system scan only?

Waterburn

#49 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 30 March 2008 - 03:27 PM

system scan only

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#50 waterburn

waterburn

    Enthusiast

  • Members
  • PipPipPipPip
  • 104 posts

Posted 30 March 2008 - 03:49 PM

Hi,

RPC still doesn't start. But it seems like I just reinstalled the computer. The colors are different. Th start menu settings, favourites...etc. seems to be reset A few Low Memory messages show up at the start.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Waterburn

#51 waterburn

waterburn

    Enthusiast

  • Members
  • PipPipPipPip
  • 104 posts

Posted 30 March 2008 - 04:28 PM

Hi,

I found the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RPCSS instead of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROOT\LEGACY_RPCSS. Should I follow the link for what I found?


Waterburn

#52 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 30 March 2008 - 07:26 PM

Can you do the following
Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#53 waterburn

waterburn

    Enthusiast

  • Members
  • PipPipPipPip
  • 104 posts

Posted 31 March 2008 - 01:57 PM

Hi,

Here are the logs:


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-31 16:37:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 184 MiB (256 MiB recommended).
System Drive C: has 0.59 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:00, on 2008-3-31
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\「开始」菜单\程序\启动\bittorrent.exe
C:\WINNT\system32\conime.exe
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\桌面\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINNT\system32\lexpps.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [internat.exe] internat.exe (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\.DEFAULT\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe (User 'Default user')
O4 - S-1-5-21-57989841-920026266-1202660629-500 Startup: bittorrent.exe (User '?')
O4 - Startup: bittorrent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinn...0/pool/pool.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/sec...nfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinn...man/hangman.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinn...es/wwspades.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)

--
End of file - 7514 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080330-170426-397 O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1.GU-/LOCALS~1/Temp/msoclip1/02/clip_image002.jpg
backup-20080330-170426-661 O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\My Pictures\let it snow.bmp
backup-20080330-175114-375 O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 catchme - c:\docume~1\admini~1.gu-\locals~1\temp\catchme.sys (file missing)
3 cpuz128 - c:\program files\pc wizard 2008\pcwiz32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys
1 FsVga - c:\winnt\system32\drivers\fsvga.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\winnt\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
0 ntcdrdrv - system32\drivers\ntcdrdrv.sys (file missing)
0 OCDE (ZTekWare Original CD Emulator Service) - system32\drivers\ocde.sys (file missing)
0 Partizan - system32\drivers\partizan.sys (file missing)
3 RegGuard - c:\winnt\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\winnt\system32\drivers\rootmdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
3 scrcap - system32\drivers\scrcap.sys (file missing)
3 SiSV6306 - c:\winnt\system32\drivers\sis6306p.sys <Not Verified; Silicon Integrated Systems Corporation; SiS ® 530/620 Miniport Driver for Windows 2000>
3 solo (ESS Solo Audio Driver (WDM)) - c:\winnt\system32\drivers\solo.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
3 StillCam (Still Serial Digital Camera Driver) - c:\winnt\system32\drivers\serscan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
3 TVICHW32 - c:\winnt\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 Automatic LiveUpdate Scheduler - c:\program files\symantec\liveupdate\aluschedulersvc.exe (file missing)
2 BITS (Background Intelligent Transfer Service) - c:\winnt\system32\svchost.exe -k bitsgroup (file missing)
3 EventSystem (COM+ Event System) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
3 LiveUpdate - c:\progra~1\symantec\liveup~1\lucoms~1.exe (file missing)
3 Netman (Network Connections) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
2 NtmsSvc (Removable Storage) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
2 Prime95 Service - c:\program files\prime95\prime95.exe <Not Verified; ; PRIME95 Application>
2 RasAuto (Remote Access Auto Connection Manager) - c:\winnt\systom32\svchost.exe (file missing)
3 RasMan (Remote Access Connection Manager) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
4 RemoteAccess (Routing and Remote Access) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
2 RpcSs (Remote Procedure Call (RPC)) - c:\winnt\system32\svchost -k rpcss (file missing)
2 RPCT (Remote Procedure Call (TPM)) - c:\program files\netmeeting\mstinit.exe (file missing)
2 Schedule (Task Scheduler) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
2 SENS (System Event Notification) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
2 SharedAccess (Internet Connection Sharing) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
3 TapiSrv (Telephony) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
4 WmdmPmSN (Portable Media Serial Number Service) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
2 wuauserv (Automatic Updates) - c:\winnt\system32\svchost.exe -k wugroup (file missing)
3 WZCSVC (Wireless Configuration) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-03-17 17:25:22 286 --a------ C:\WINNT\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-09-28 12:31:56 408 --a------ C:\WINNT\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-02-29 and 2008-03-31 -----------------------------

2008-03-30 18:39:27 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Office Genuine Advantage
2008-03-30 18:29:56 0 d-------- C:\Documents and Settings\zhenzhen\Application Data\BitTorrent
2008-03-30 16:49:30 25773 --a------ C:\WINNT\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-03-30 16:49:23 2 -rahs---- C:\WINNT\winstart.bat
2008-03-30 16:44:59 0 d-------- C:\backreg
2008-03-30 16:44:58 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Regrun
2008-03-30 16:44:16 0 d-------- C:\Program Files\Greatis
2008-03-28 17:55:43 507904 -----n--- C:\WINNT\Silent Hunter II remove.exe
2008-03-28 17:55:43 1772544 -ra------ C:\WINNT\dsetup32.dll <Not Verified; Microsoft Corporation; Microsoft? DirectX for Windows? 95 and 98>
2008-03-28 17:55:43 44544 -ra------ C:\WINNT\dsetup.dll <Not Verified; Microsoft Corporation; Microsoft? DirectX for Windows? 95 and 98>
2008-03-28 16:04:14 68096 --a------ C:\WINNT\system32\zip.exe
2008-03-28 16:04:14 98816 --a------ C:\WINNT\system32\sed.exe
2008-03-28 16:04:14 80412 --a------ C:\WINNT\system32\grep.exe
2008-03-28 16:04:14 73728 --a------ C:\WINNT\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-27 21:42:07 1207394 ---h----- C:\WINNT\ShellIconCache
2008-03-26 17:50:57 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\DoctorWeb
2008-03-25 16:09:24 0 d-------- C:\WINNT\ERUNT
2008-03-24 19:43:55 0 d-------- C:\Lexmark X74-X75
2008-03-24 11:55:20 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Kaspersky Lab Setup Files
2008-03-23 11:36:25 0 d-------- C:\kav
2008-03-23 11:08:23 217088 --a------ C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\sysclean.exe <Not Verified; Trend Micro Incorporated; SysClean Application>
2008-03-22 09:53:25 0 d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-19 15:58:18 0 d-------- C:\Program Files\RADVideo
2008-03-15 10:04:27 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Moyea
2008-03-15 10:03:56 0 d-------- C:\Program Files\Moyea
2008-03-14 09:37:32 0 d-------- C:\Program Files\Deskshare
2008-03-12 09:54:05 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\DemoCreator
2008-03-12 09:53:38 0 d-------- C:\Program Files\Wondershare
2008-03-12 09:49:23 0 d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder
2008-03-11 12:18:09 0 d-------- C:\Program Files\PTAutoRun
2008-03-11 12:01:48 0 d-------- C:\Program Files\Conduit
2008-03-11 12:01:41 0 d-------- C:\Program Files\free-downloads.net
2008-03-11 11:49:29 0 d-------- C:\Program Files\PhotoActions
2008-03-10 19:31:32 0 d-------- C:\INF-Tool
2008-03-10 19:21:10 0 d-------- C:\Program Files\Screen Recorder Gold
2008-03-10 18:42:24 0 d-------- C:\Fraps
2008-03-10 18:27:41 0 d-------- C:\Program Files\7-Zip
2008-03-10 18:14:29 0 d-------- C:\install
2008-03-10 14:00:07 0 d-------- C:\IV
2008-03-09 09:49:45 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\TechSmith
2008-03-09 09:49:19 0 d-------- C:\Program Files\TechSmith
2008-03-06 19:09:06 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\AdobeUM
2008-03-05 19:47:53 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Adobe
2008-03-05 19:38:08 0 d-------- C:\WINNT\Cache
2008-03-05 16:13:11 0 d-------- C:\Program Files\CamStudio
2008-03-02 15:48:50 0 d-------- C:\Program Files\Hypercam2
2008-03-02 15:47:51 106496 --a------ C:\Program Files\CamRes2.dll <Not Verified; Hyperionics; Hyperionics HyperCam>
2008-03-02 10:34:21 0 d-------- C:\Program Files\ZD Soft


-- Find3M Report ---------------------------------------------------------------

2008-03-29 10:32:02 1524 --a------ C:\WINNT\system32\d3d8caps.dat
2008-03-12 10:14:58 664 --a------ C:\WINNT\system32\d3d9caps.dat
2008-03-10 18:43:06 0 --a------ C:\AUTOEXEC.BAT
2008-03-10 14:02:38 115072 --a------ C:\WINNT\system32\perfh004.dat
2008-03-10 14:02:38 38036 --a------ C:\WINNT\system32\perfc004.dat
2008-02-18 09:25:34 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\ABBYY
2008-02-18 08:57:34 0 d-------- C:\Program Files\NJStar Chinese WP
2008-02-18 08:55:52 0 d-------- C:\Program Files\Google
2008-02-17 20:28:54 0 d-------- C:\Program Files\SoftwareForLitSupport
2008-02-17 17:26:50 0 d-------- C:\Program Files\Common Files\Download Manager
2008-02-17 17:22:46 72192 --a------ C:\WINNT\cadkasdeinst01e.exe
2008-02-17 17:22:46 0 d-------- C:\Program Files\OCR-TextScan 2 Word 1
2008-02-17 16:40:40 0 d-------- C:\Program Files\Cuneiform 6.0
2008-02-17 15:45:10 0 d-------- C:\Program Files\MagicDisc
2008-02-17 15:35:48 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\DAEMON Tools
2008-02-17 12:58:50 0 d-------- C:\Program Files\Microsoft Office 2003 Developer Resources
2008-02-17 12:01:42 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Help
2008-02-17 11:58:14 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\NJStar
2008-02-05 16:04:48 0 d-------- C:\Program Files\Trend Micro
2008-02-03 12:04:06 0 d-------- C:\Program Files\Fortinet
2008-02-03 11:52:50 0 d-------- C:\Program Files\Pocket Tanks
2008-02-03 11:51:06 0 d-------- C:\Program Files\Pocket Tanks Deluxe
2008-02-03 10:34:50 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-03 09:18:54 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\WinRAR
2008-02-02 23:50:06 0 d-------- C:\Program Files\ImmenseTech
2008-02-02 10:40:02 0 d-------- C:\Program Files\IObit
2008-01-20 09:41:50 2855 --a------ C:\WINNT\system32\kdgcl.PIF
2008-01-19 17:48:58 25992 --a------ C:\WINNT\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-01-16 16:25:32 52736 --a------ C:\WINNT\ipuninst.exe <Not Verified; Interplay Productions; Interplay Uninstaller for Windows 95>
2008-01-14 05:52:00 81920 --a------ C:\WINNT\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2008-01-08 20:42:56 13234 --a------ C:\Program Files\backfont.zip
2008-01-08 20:42:28 28418 --a------ C:\Program Files\lcdfont.zip
2008-01-02 09:59:36 0 --a------ C:\WINNT\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 15:05 C:\WINNT\system32\mobsync.exe]
"LexPPS.exe"="C:\WINNT\system32\lexpps.exe" [02-10-14 14:00 ]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [02-10-14 14:09 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [00-01-10 12:00 C:\WINNT\system32\internat.exe]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [07-03-05 14:57 ]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [08-02-22 04:30 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"KnightSpy"=c:\program files\metal knights\knightspy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avi Player]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSexy_ca]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Playboy_ca]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NoteBurner"=C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
"FortiClient"="C:\Program Files\Fortinet\FortiClient\FortiClient.exe" /minimize




-- End of Deckard's System Scanner: finished at 2008-03-31 16:40:27 ------------


----------------------------------------------------------------------------------------------------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 55%
Physical Memory (total/avail): 183.48 MiB / 80.95 MiB
Pagefile Memory (total/avail): 559.83 MiB / 421.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1974.88 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 4.76 GiB total, 0.59 GiB free.
D: is Fixed (FAT32) - 5.36 GiB total, 0.15 GiB free.
E: is Fixed (FAT) - 3.94 GiB total, 1.01 GiB free.
F: is CDROM (No Media)
G: is CDROM (CDFS)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINNT
APPDATA=C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GU-3R3LEUQBGPNO
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.GU-3R3LEUQBGPNO
LOGONSERVER=\\GU-3R3LEUQBGPNO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\wbem;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 5 Model 8 Stepping 12, AuthenticAMD
PROCESSOR_LEVEL=5
PROCESSOR_REVISION=080c
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1.GU-\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.GU-\LOCALS~1\Temp
USERDOMAIN=GU-3R3LEUQBGPNO
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

zhenzhen (admin)
Administrator.GU-3R3LEUQBGPNO (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A00000000001}
Adobe Shockwave Player --> C:\WINNT\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Advanced CAB Repair v1.2 --> C:\PROGRA~1\ACR\UNWISE.EXE C:\PROGRA~1\ACR\INSTALL.LOG
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bink and Smacker --> C:\PROGRA~1\RADVIDEO\UNWISE.EXE C:\PROGRA~1\RADVIDEO\INSTALL.LOG
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Camtasia Studio 3 --> C:\Program Files\TechSmith\Camtasia Studio 3\CSuninst.EXE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conquest 3.0 --> "C:\Program Files\Conquest\unins000.exe"
Cuneiform 6.0 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Cuneiform 6.0\Uninst.isu"
DemoCreator --> "C:\Program Files\Wondershare\DemoCreator\unins000.exe"
Desperados 1.0 --> "E:\Desperados\Desperados.exe" -uninstall
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Download Manager 2.3.6 --> C:\Program Files\Download Manager\uninst.exe
Drive Speed Checker --> MsiExec.exe /X{32E1665E-D348-4B4B-A073-3D58C75E31FF}
FastStone Capture 5.9 --> C:\Program Files\FastStone Capture\uninst.exe
Finding Martin --> "C:\WINNT\TADSUINS.EXE" C:\Program Files\Finding Martin\UnInst2CCF.inf
FontCreator 5.6 --> "C:\Program Files\High-Logic\FontCreator\unins000.exe"
FortiClient --> MsiExec.exe /I{C2FAE67B-9C91-4C88-91C6-37E4D5F50FE9}
Fraps --> "C:\Fraps\uninstall.exe"
Free Snoopy Screensaver 1.0 --> "C:\Program Files\Free Snoopy Screensaver\unins000.exe"
FreeUndelete --> C:\Program Files\FreeUndelete\GLF19.exe /handle:fru
FreshDiagnose --> "C:\Program Files\FreshDevices\FreshDiagnose\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HyperCam 2 --> "c:\program files\UnHyCam2.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java 2 Runtime Environment, SE v1.4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\setup.exe" Anytext
jv16 PowerTools 2008 --> "C:\Program Files\jv16 PowerTools 2008\unins000.exe"
Karen's Autorun.inf Editor --> C:\WINNT\st6unst.exe -n "C:\Program Files\PTAutoRun\ST6UNST.LOG"
Lexmark X74-X75 --> C:\WINNT\system32\spool\drivers\w32x86\3\LXBBUN5C.EXE -dLexmark X74-X75
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MAGICISO\UNWISE.EXE C:\PROGRA~1\MAGICISO\INSTALL.LOG
MagicDisc 2.6.85 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
mergeOCR --> MsiExec.exe /I{91897A56-3C56-4F62-8F6B-2E0F2B2E75E0}
Metal Knights 98 --> C:\Program Files\Metal Knights\UnInstall
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Moyea SWF to Video Converter Standard version 2.2.1.0 --> "C:\Program Files\Moyea\SWF to Video Std\unins000.exe"
My Screen Recorder 2.5 --> "C:\Program Files\Deskshare\My Screen Recorder\unins000.exe"
NJStar Chinese WP --> C:\Program Files\NJStar Chinese WP\uninst.exe
nrg2iso --> MsiExec.exe /I{61879398-F35C-4628-AC95-2B84B859FE93}
OCR-TextScan 2 Word 1 --> C:\WINNT\cadkasdeinst01e.exe "C:\Program Files\OCR-TextScan 2 Word 1\"
PC Wizard 2008.1.81 --> "C:\Program Files\PC Wizard 2008\unins000.exe"
Pocket Tanks Deluxe v1.3(Total Uninstall) --> C:\Program Files\Pocket Tanks Deluxe\Uninstall.exe
Pocket Tanks v1.3 --> "C:\Program Files\Pocket Tanks\unins000.exe"
Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
Quick Screen Capture 3.0 --> "C:\Program Files\Quick Screen Capture\unins000.exe"
Screen Recorder Gold --> C:\PROGRA~1\SCREEN~1\UNWISE.EXE C:\PROGRA~1\SCREEN~1\INSTALL.LOG
Silent Hunter II --> C:\WINNT\Silent Hunter II remove.exe remove
SmartUndelete --> "C:\Program Files\SmartUndelete\unins000.exe"
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Warcraft III: All Products --> C:\WINNT\War3Unin.exe C:\WINNT\War3Unin.dat
Windows 2000 (KB904706) 安全更新 -->
Windows 2000 (KB923689) 安全更新 --> "C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Windows 2000 (KB941569) 安全更新 --> "C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Windows 2000 Service Pack 4 --> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows 2000 SP4 更新汇总 1 --> "C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB842773 --> C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows 2000 修补程序 - KB890046 --> "C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB893756 --> "C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB896358 --> "C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB896422 --> "C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB896423 --> "C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB896424 --> "C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB899587 --> "C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB899589 --> "C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB900725 --> "C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB901017 --> "C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB901214 --> "C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB905414 --> "C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB905749 --> "C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB908519 --> "C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB908523 --> "C:\WINNT\$NtUninstallKB908523$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB908531 --> "C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB911280 --> "C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB912919 --> "C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB913580 --> "C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB914388 --> "C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB914389 --> "C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB917008 --> "C:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB917159 --> "C:\WINNT\$NtUninstallKB917159$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB917422 --> "C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB917537 --> "C:\WINNT\$NtUninstallKB917537$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB917736 --> "C:\WINNT\$NtUninstallKB917736$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB917953 --> "C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB918118 --> "C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB920213 --> "C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB920670 --> "C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB920683 --> "C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB920685 --> "C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB920958 --> "C:\WINNT\$NtUninstallKB920958$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB921398 --> "C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB921503 --> "C:\WINNT\$NtUninstallKB921503$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB921883 --> "C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB922582 --> "C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB922616 --> "C:\WINNT\$NtUninstallKB922616$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB923191 --> "C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB923414 --> "C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB923810 --> "C:\WINNT\$NtUninstallKB923810$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB923980 --> "C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB924191 --> "C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB924270 --> "C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB924667 --> "C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB925902 --> "C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB926122 --> "C:\WINNT\$NtUninstallKB926122$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB926436 --> "C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB927891 --> "C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB928843 --> "C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB930178 --> "C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB931784 --> "C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB932168 --> "C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB933729 --> "C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB935839 --> "C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB935840 --> "C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB936021 --> "C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB937894 --> "C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB938827 --> "C:\WINNT\$NtUninstallKB938827$\spuninst\spuninst.exe"
Windows 2000 修补程序 - KB938829 --> "C:\WINNT\$NtUninstallKB938829$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB905495 --> "C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB911567 --> "C:\WINNT\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB916281 --> "C:\WINNT\$NtUninstallKB916281-IE6SP1-20060526.162249$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB918899 --> "C:\WINNT\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB923694 --> "C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB928090 --> "C:\WINNT\$NtUninstallKB928090-IE6SP1-20070125.120000$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB929969 --> "C:\WINNT\$NtUninstallKB929969-IE6SP1-20061220.120000$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB931768 --> "C:\WINNT\$NtUninstallKB931768-IE6SP1-20070219.120000$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB933566 --> "C:\WINNT\$NtUninstallKB933566-IE6SP1-20070417.120000$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB937143 --> "C:\WINNT\$NtUninstallKB937143-IE6SP1-20070717.120000$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB938127 --> "C:\WINNT\$NtUninstallKB938127-IE6SP1-20070626.120000$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB939653 --> "C:\WINNT\$NtUninstallKB939653-IE6SP1-20070817.120000$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB941202 --> "C:\WINNT\$NtUninstallKB941202-OE6SP1-20070820.120000$\spuninst\spuninst.exe"
Windows 2000 修补程序包 - KB942615 --> "C:\WINNT\$NtUninstallKB942615-IE6SP1-20071029.120000$\spuninst\spuninst.exe"
Windows Blaster Worm Removal Tool (KB833330) --> C:\WINNT\$NtUninstallKB833330$\spuninst\spuninst.exe
Windows Media Player (KB911564) 安全更新 --> "C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Windows Media Player 6.4 (KB925398) 安全更新 --> "C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Windows Media Player 7.1 (KB917734) 安全更新 --> "C:\WINNT\$NtUninstallKB917734_WMP7$\spuninst\spuninst.exe"
Windows Media Player 9 (KB911565) 安全更新 --> "C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Windows Media Player 9 (KB917734) 安全更新 --> "C:\WINNT\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Windows Media Player 9 (KB936782) 安全更新 --> "C:\WINNT\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinRescue 2000 --> RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\WNRSQ2KZ.INF, DefaultUninstall.ntx86
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wisdom-soft AutoScreenRecorder 2.1 Pro --> C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
安全更新 for DirectX 9 (KB941568) --> "C:\WINNT\$NtUninstallKB941568_DX9$\spuninst\spuninst.exe"
谷歌拼音输入法 --> "C:\Program Files\Google\Google Pinyin\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type363 / Error
Event Submitted/Written: 03/31/2008 03:57:27 PM
Event ID/Source: 4097 / EventSystem
Event Description:
在内部处理时,COM+ Event System 检测到一损坏的返回代码.HRESULT 是从 .\eventsystemobj.cpp 的行 42 的 800706BA. 请与 Microsoft 产品支持服务部门联系报告此问题.

Event Record #/Type358 / Error
Event Submitted/Written: 03/30/2008 05:17:15 PM
Event ID/Source: 4097 / EventSystem
Event Description:
在内部处理时,COM+ Event System 检测到一损坏的返回代码.HRESULT 是从 .\eventsystemobj.cpp 的行 42 的 800706BA. 请与 Microsoft 产品支持服务部门联系报告此问题.

Event Record #/Type357 / Error
Event Submitted/Written: 03/30/2008 04:59:47 PM
Event ID/Source: 4097 / EventSystem
Event Description:
在内部处理时,COM+ Event System 检测到一损坏的返回代码.HRESULT 是从 .\eventsystemobj.cpp 的行 42 的 800706BA. 请与 Microsoft 产品支持服务部门联系报告此问题.

Event Record #/Type356 / Error
Event Submitted/Written: 03/30/2008 04:01:15 PM
Event ID/Source: 4097 / EventSystem
Event Description:
在内部处理时,COM+ Event System 检测到一损坏的返回代码.HRESULT 是从 .\eventsystemobj.cpp 的行 42 的 800706BA. 请与 Microsoft 产品支持服务部门联系报告此问题.

Event Record #/Type355 / Warning
Event Submitted/Written: 03/30/2008 03:49:05 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800706BA



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10900 / Error
Event Submitted/Written: 03/31/2008 04:33:14 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
与 Remote Access Connection Manager 服务相依的 Telephony 服务因下列错误而无法启动:
%%1068

Event Record #/Type10899 / Error
Event Submitted/Written: 03/31/2008 04:33:14 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
与 Telephony 服务相依的 Remote Procedure Call (RPC) 服务因下列错误而无法启动:
%%2

Event Record #/Type10898 / Error
Event Submitted/Written: 03/31/2008 04:33:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
由于下列错误,Remote Procedure Call (RPC) 服务启动失败:
%%2

Event Record #/Type10896 / Error
Event Submitted/Written: 03/31/2008 04:28:59 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
与 Remote Access Connection Manager 服务相依的 Telephony 服务因下列错误而无法启动:
%%1068

Event Record #/Type10895 / Error
Event Submitted/Written: 03/31/2008 04:28:58 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
与 Telephony 服务相依的 Remote Procedure Call (RPC) 服务因下列错误而无法启动:
%%2



-- End of Deckard's System Scanner: finished at 2008-03-31 16:40:27 ------------


Thanks!

Waterburn

#54 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 31 March 2008 - 06:56 PM

Total Physical Memory: 184 MiB (256 MiB recommended).
System Drive C: has 0.59 GiB (less than 15%) free.


Wow, not much room left on C
Uninstall anything you don't need
Afterwards

I suggest running a Repair install on your system
Be forwarned, you have minimum Ram installed
Deckards' only see a max of 256
Which makes me think this is an old comp we're working with
Not sure, can't remember if you even have a CD copy of 2000
But try a Repair install
http://www.windows20...all.com/Repair/

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#55 waterburn

waterburn

    Enthusiast

  • Members
  • PipPipPipPip
  • 104 posts

Posted 31 March 2008 - 07:10 PM

Hi,

If I follow this will everything be deleted? My files, programs...etc.

Waterburn

#56 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 31 March 2008 - 07:17 PM

Backup whatever you can, just in case
But you should be ok with a Repair

Keep in mind, you will have to redo some Windows Updates
Also take note, without a proper Firewall or AV in place, chances are you will get reinfected

I suggest that you download and save, before you do the above
A free firewall
Outpost
http://www.agnitum.c...ts/outpostfree/
Or the older version of
Sygate Personal Firewall 5.6.2808
Can be downloaded from here
http://www.oldversio...am.php?n=sygate

You choose, but DO NOT go back online without a proper firewall set in place
Or you may be doing this again

Let me know how you make out please

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#57 waterburn

waterburn

    Enthusiast

  • Members
  • PipPipPipPip
  • 104 posts

Posted 01 April 2008 - 02:02 PM

Hi,

I can't install firewall 1 since it uses a e-mail for the download link. (E-mails are blank) I can't install firewall 2 since it uses windows installer. (RPC Problem)

Thanks!

Waterburn

#58 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 01 April 2008 - 05:17 PM

Did you try the repair of your operating system already?
That would be the first step

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#59 waterburn

waterburn

    Enthusiast

  • Members
  • PipPipPipPip
  • 104 posts

Posted 01 April 2008 - 06:29 PM

Hi,

I tried a repair but with the four windows 2000 floppy boot disks. The problem didn't get fixed but again it acts like I just reinstalled. I don't have right now an actual Windows 2000 professional CD. But I do have it on a virtual drive. Is it possible to start up with the .iso image mounted onto the virtual drive?

Waterburn

#60 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 01 April 2008 - 06:57 PM

I haven't tested this out myself, so ensure to backup data
You could try to mount the image and try an in-place upgrade
Run Winnt32.exe from the I386 folder

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here