TheTechGuide Forum

General Category => Tech Clinic => Topic started by: waterburn on March 23, 2008, 08:45:39 AM

Title: Computer messed up!
Post by: waterburn on March 23, 2008, 08:45:39 AM

I have major problems with my computer and I am thinking it is a virus. But I have used AVG-Antispyware to do a complete system scan TWICE in a row. All the detected viruses were either ignored, deleted or quartined. There were some downloaders (High Risk), tracking cookies (Medium Risk) and Not-a-virus (Low Risk) I did the recommended actions.

Here are some of the problems going on my computer:

-Can't copy or paste
-Can't press links and some buttons
-It takes longer for the desktop to show up

When you type something in a box, my computer stores it. You type the letter and it will show you all the words you typed in that box

-It doesn't show I typed in before

When you go into device manager, you see a list of all the devices.

-When I try to go to the properties of a device, (by right-clicking) the properties window just doesn't open.

There are probably more problems but here are the ones at the top of my mind. NOTE: The problem is in both Internet Explorer and Windows.

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 23, 2008, 12:41:39 PM

Are you able to post a hijackthis log?
To copy, use the Ctrl + C keys
to paste, use the Ctrl + V keys

Title: Computer messed up!
Post by: waterburn on March 23, 2008, 03:10:35 PM

[quote name=\'guestolo\' post=\'424613\' date=\'Mar 23 2008, 11:41 AM\'] Are you able to post a hijackthis log? To copy, use the Ctrl + C keys to paste, use the Ctrl + V keys [/quote] 

It seems I can copy and paste for this situation.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:37, on 2008-3-23
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\NetMeeting\mstinit.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\conime.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINNT\system32\lexpps.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [internat.exe] internat.exe (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java æŽ§åˆ¶å° - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab (http://\"https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab\")
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (http://\"http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab\")
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab (http://\"http://downloads.ewido.net/ewidoOnlineScan.cab\")
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab (http://\"http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab\")
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab (http://\"http://www.worldwinner.com/games/v50/pool/pool.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab\")
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab (http://\"http://www.worldwinner.com/games/v57/bjattack/bja.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (http://\"http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab\")
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab (http://\"http://www.worldwinner.com/games/v41/freecell/freecell.cab\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (http://\"http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab (http://\"http://www.worldwinner.com/games/v46/sol/sol.cab\")
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab (http://\"http://www.worldwinner.com/games/v41/hangman/hangman.cab\")
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (http://\"http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe\")
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (http://\"http://www.worldwinner.com/games/v47/wwspades/wwspades.cab\")
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab (http://\"http://driveragent.com/files/driveragent.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Remote ABC - C:\Program Files\NetMeeting\mstinit.exe
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1.GU-/LOCALS~1/Temp/msoclip1/02/clip_image002.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\My Pictures\let it snow.bmp

--
End of file - 7637 bytes

Thanks Again!

Title: Computer messed up!
Post by: guestolo on March 23, 2008, 10:20:31 PM

Do you use Firewall software on this computer?
Or at least a hardware firewall?

Can you do the following
Use the Internet Explorer browser (or FireFox with IETab), and do an online scan with [color=\"blue\"]Kaspersky Online Scanner[/color] (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html\")

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet [color=\"#3333FF\"]Explorer 7[/color] users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%[/i].)
The program launches and downloads the latest definition files.

Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
- Scan using the following Anti-Virus database:
  [color=\"#6666CC\"]Extended[/color]
Scan Options:
[color=\"#6666CC\"]Scan Archives[/color]

[color=\"#6666CC\"]Scan Mail Bases[/color]
[/list]
[/list]

Click OK and, under select a target to scan, select My Computer

When the scan is done, in the [color=\"Navy\"]Scan is completed [/color]window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
(http://i184.photobucket.com/albums/x99/guestolo/Kas-SaveReport-1.gif)
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the [color=\"Navy\"]Save as [/color]prompt, [color=\"navy\"]Save in[/color] area, select: Desktop
In the [color=\"navy\"]File name[/color] area, use KScan, or something similar
In [color=\"navy\"]Save as type[/color], click the drop arrow and select: Text file [*.txt]
Then, click: Save
Post the [color=\"Navy\"]Kaspersky Online Scanner Report [/color]in your reply.

Title: Computer messed up!
Post by: waterburn on March 24, 2008, 08:30:38 AM

Two problems:

1)I had to type the link since it didnt work when I clicked it
2)I can't do the scan since the "accept" button doesn't work

I thought of more problems from what seems to be a virus:

1)The yahoo e-mails are empty
2)Can't delete the yahoo e-mails since "delete" is a button
3)In windows I can't drag and drop
4)Another problem which may or may not be associated with all this:
When I try to install Kaspersky Antivirus with Windows Installer, A message pops up:

The Windows Installer Service could not be accessed. This can occur if you are runnining Windows in safe mode, or if
the Windows Installer is not correctly installed. Contact your support personnel for assistance.

This message pops up if you try to open any .msi file. But that's another story. I already looked up a lot for this so don't bother looking into it. If you provide a link, I probably would have already gone there.

*Keep in mind I can't type in long links*

I check for replies like every hours because I want to get this fixed A.S.A.P!

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 24, 2008, 12:24:33 PM

I'm a bit surprised you don't already have AV or Firewall protection installed on Win 2000
Looks as if you may have had Symantecs installed at one time, but no longer?

Did you try the following?
1. Click Start, click Run, then type Regedt32.
2. For each of the registry hives, follow these steps:
a. Select the hive.
b. For Windows XP, on the Edit menu, click Permissions.
For Windows 2000 and Windows NT 4, on the Security menu, click Permissions.
3. Verify that the SYSTEM account has been added and that it has Full control. If it does not, add the SYSTEM account with Full control.

Title: Computer messed up!
Post by: waterburn on March 24, 2008, 12:33:20 PM

I used to have Symantec about a year ago. I guess it didn't get completely removed. But I usually don't spend money on av or firewall. I ususally download trials or free av. Right now I am scanning with AVG Anti-spyware and Superantispyware.

I checked permissions and found that for SYSTEM both boxes were checked for full permission.

P.S When I was checking the post, I saw you were posting, what a coincidence!

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 24, 2008, 12:47:01 PM

If possible, can you post the logs from both AVG and Super when done

Try the keyboard keys to copy>paste

Title: Computer messed up!
Post by: guestolo on March 24, 2008, 01:16:00 PM

If you can't copy>paste
Can you use the UPLOAD button in a reply box and upload the results?

Title: Computer messed up!
Post by: waterburn on March 24, 2008, 06:01:07 PM

Sorry for the late reply but now I am having problems with the printer.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:   17:21:19 2008-3-24

+ Scan result:

C:\WINNT\AutoUpdateWin32.exe -> Not-A-Virus.Adware.Agent : Ignored.

::Report end

--------------------------------------------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com (http://\"http://www.superantispyware.com\")

Generated 03/24/2008 at 04:48 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Custom Scan
Total Scan Time : 03:09:35

Memory items scanned : 0
Memory threats detected : 0
Registry items scanned : 22
Registry threats detected : 0
File items scanned : 28728
File threats detected : 4

Adware.Tracking Cookie
   C:\Documents and Settings\Default User.WINNT\Cookies\[email protected][1].txt

Adware.webHancer
   C:\WINNT\WH.EXE

Adware.eXactAdvertising-Installer
   C:\WINNT\DLGB.EXE

Adware.IEPlugin
   C:\WINNT\RGRT.EXE

If these massive problems are fixed, you are the first one I am going to thank.

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 24, 2008, 10:25:41 PM

Download [color=\"red\"]SDFix[/color] (http://\"http://downloads.andymanchesta.com/RemovalTools/SDFix.exe\") and save this to your desktop
We will need it in a bit

Reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In safe mode
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Go to START>>My Computer>>Double click to open the C:\ folder

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

Post back the following:

1. Post the report from SDFixx
2. Post a fresh hijackthis log

Title: Computer messed up!
Post by: waterburn on March 25, 2008, 03:18:12 PM

SDFix: Version 1.161

Run by Administrator on ??? 2008-03-25 at 16:13

Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINNT\system32\kdgcl.exe - Deleted
C:\WINNT\AutoUpdateWin32.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-03-25 16:30:30
Windows 5.0.2195 Service Pack 4 FAT NTAPI

detected NTDLL code modification:
ZwQueryDirectoryFile

scanning hidden processes ...

\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe [496] 0x813BE7A0
\Program Files\Internet Explorer\IEXPLORE.EXE [372] 0x813408E0

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINNT\system32\kdgcl.exe 69632 bytes

scan completed successfully
hidden processes: 2
hidden services: 0
hidden files: 1

Remaining Services :

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 24 Feb 2005 392,192 ..SHR --- "C:\Program Files\NetMeeting\mstinit.exe"
Fri 14 Mar 2008 191,488 ..SH. --- "C:\WINNT\system32\nbjs.dll"
Sat 22 Mar 2008 23 A.SH. --- "C:\WINNT\system32\eadeafbdbafed_z.dll"
Sat 15 Mar 2008 136,704 ..SH. --- "C:\WINNT\systom32\svchost.exe"
Sat 3 Sep 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINNT\DRM\DRMv1.bak"
Sat 3 Sep 2005 401 ..SH. --- "C:\Documents and Settings\All Users.WINNT\DRM\DRMv17.bak"
Mon 18 Feb 2008 23,552 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\~WRL1774.tmp"
Mon 18 Feb 2008 26,624 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\~WRL4056.tmp"
Mon 18 Feb 2008 27,648 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\~WRL3043.tmp"
Mon 18 Feb 2008 27,136 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\~WRL0825.tmp"
Thu 26 Dec 2002 1,429,504 ..SHR --- "C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe"
Tue 25 Mar 2008 1,036,288 ..SHR --- "C:\Program Files\Common Files\Microsoft Shared\Speech\Wab64.dll"
Thu 27 Jul 2006 26,112 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Templates\~WRL0965.tmp"
Sun 3 Jul 2005 27,648 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Templates\~WRL1648.tmp"
Wed 13 Jul 2005 19,456 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Word\~WRL0004.tmp"
Sat 14 Jan 2006 33,280 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Word\~WRL2917.tmp"
Wed 29 Mar 2006 19,456 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Word\~WRL0003.tmp"
Wed 13 Jul 2005 19,456 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Word\~WRL1874.tmp"
Wed 13 Jul 2005 19,456 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Word\~WRL0968.tmp"
Sat 8 Jul 2006 27,136 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Word\~WRL1995.tmp"
Sat 8 Jul 2006 27,136 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Word\~WRL0466.tmp"
Sat 8 Jul 2006 26,624 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Word\~WRL0758.tmp"
Sun 6 Aug 2006 19,456 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Word\~WRL0005.tmp"
Sun 6 Aug 2006 19,968 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Word\~WRL1922.tmp"
Sun 6 Aug 2006 20,992 ...H. --- "C:\Documents and Settings\zhenzhen\Application Data\Microsoft\Word\~WRL3090.tmp"
Mon 8 Oct 2007 27,136 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Templates\~WRL0003.tmp"
Tue 31 Jul 2007 20,992 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL1574.tmp"
Tue 31 Jul 2007 20,992 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL0163.tmp"
Tue 31 Jul 2007 20,992 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL2661.tmp"
Wed 5 Sep 2007 19,456 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL0005.tmp"
Wed 5 Sep 2007 82,944 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL2362.tmp"
Mon 18 Feb 2008 21,504 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL0007.tmp"
Tue 13 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL0006.tmp"
Mon 18 Feb 2008 24,576 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL3011.tmp"
Mon 18 Feb 2008 22,528 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL0546.tmp"
Mon 18 Feb 2008 26,624 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL0477.tmp"
Mon 18 Feb 2008 27,136 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL0812.tmp"
Mon 18 Feb 2008 28,672 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL3892.tmp"
Sat 16 Jun 2007 29,696 ...H. --- "C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Microsoft\Word\~WRL0952.tmp"

Finished!

-----------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:23, on 2008-3-25
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\NetMeeting\mstinit.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\notepad.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINNT\system32\lexpps.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [internat.exe] internat.exe (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java æŽ§åˆ¶å° - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (http://\"http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab\")
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab (http://\"http://downloads.ewido.net/ewidoOnlineScan.cab\")
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab (http://\"http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab\")
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab (http://\"http://www.worldwinner.com/games/v50/pool/pool.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab\")
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab (http://\"http://www.worldwinner.com/games/v57/bjattack/bja.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (http://\"http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab\")
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab (http://\"http://www.worldwinner.com/games/v41/freecell/freecell.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab (http://\"http://ca.com/us/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (http://\"http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab (http://\"http://www.worldwinner.com/games/v46/sol/sol.cab\")
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab (http://\"http://www.worldwinner.com/games/v41/hangman/hangman.cab\")
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (http://\"http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe\")
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (http://\"http://www.worldwinner.com/games/v47/wwspades/wwspades.cab\")
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab (http://\"http://driveragent.com/files/driveragent.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Remote ABC - C:\Program Files\NetMeeting\mstinit.exe
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1.GU-/LOCALS~1/Temp/msoclip1/02/clip_image002.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\My Pictures\let it snow.bmp

--
End of file - 7643 bytes

Thanks so much!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 25, 2008, 10:41:11 PM

Download Dr.Web CureIt to the desktop from this link
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe (http://\"ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe\")

PRINT the rest of these instructions, or save them to a text file on desktop

Reboot the computer into Safe mode

When in safe mode,

Double click to run Dr.Web-cureit.exe from desktop

Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, Click Options > Change settings
Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
Back at the main window, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: (http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
(http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer

Afterwards, Post back all the following

1. Post a fresh hijackthis log
2. Post the new log from Combofix

Title: Computer messed up!
Post by: waterburn on March 27, 2008, 08:08:03 PM

Hi,

This time the scan took nearly 4 and a half hours. I had to find a time when I could run it for 4 hours straight since in safe mode there is no Internet and almost can't play any games. It scanned nearly 100,000 files. The log .csv. I can't seem to open it with excel. I don't exactly know how to open it. So I converted it into .txt and pasted the contents of it here. You mentioned Combofix, I thought maybe I should use it to open .csv.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:04, on 2008-3-27
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\NetMeeting\mstinit.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINNT\system32\lexpps.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [internat.exe] internat.exe (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java æŽ§åˆ¶å° - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (http://\"http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab\")
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab (http://\"http://downloads.ewido.net/ewidoOnlineScan.cab\")
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab (http://\"http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab\")
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab (http://\"http://www.worldwinner.com/games/v50/pool/pool.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab\")
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab (http://\"http://www.worldwinner.com/games/v57/bjattack/bja.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (http://\"http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab\")
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab (http://\"http://www.worldwinner.com/games/v41/freecell/freecell.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab (http://\"http://ca.com/us/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (http://\"http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab (http://\"http://www.worldwinner.com/games/v46/sol/sol.cab\")
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab (http://\"http://www.worldwinner.com/games/v41/hangman/hangman.cab\")
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (http://\"http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe\")
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (http://\"http://www.worldwinner.com/games/v47/wwspades/wwspades.cab\")
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab (http://\"http://driveragent.com/files/driveragent.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Remote ABC - C:\Program Files\NetMeeting\mstinit.exe
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1.GU-/LOCALS~1/Temp/msoclip1/02/clip_image002.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\My Pictures\let it snow.bmp

--
End of file - 7547 bytes

--------------------------------------------------------------------------------------------------------------------------------------

kdgcl.exe;C:\WINNT\system32;POLY!CRYPT - decompression error;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 28, 2008, 07:49:26 AM

Download the Flash_Disinfector.exe from here and save to desktop
http://www.techsupportforum.com/sectools/s...Disinfector.exe (http://\"http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe\")

Run Flash_Disinfector.exe, Follow the prompts
Insert any removable flash drives you may have when prompted

Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back all the following

1. Post the log from ComboFix
2. Post a fresh hijackthis log

Title: Computer messed up!
Post by: waterburn on March 28, 2008, 03:04:24 PM

Hi,

Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:02, on 2008-3-28
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Prime95\Prime95.exe
C:\Program Files\NetMeeting\mstinit.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINNT\system32\lexpps.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [internat.exe] internat.exe (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java æŽ§åˆ¶å° - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (http://\"http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab\")
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab (http://\"http://downloads.ewido.net/ewidoOnlineScan.cab\")
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab (http://\"http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab\")
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab (http://\"http://www.worldwinner.com/games/v50/pool/pool.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab\")
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab (http://\"http://www.worldwinner.com/games/v57/bjattack/bja.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (http://\"http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab\")
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab (http://\"http://www.worldwinner.com/games/v41/freecell/freecell.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab (http://\"http://ca.com/us/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (http://\"http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab (http://\"http://www.worldwinner.com/games/v46/sol/sol.cab\")
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab (http://\"http://www.worldwinner.com/games/v41/hangman/hangman.cab\")
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (http://\"http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe\")
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (http://\"http://www.worldwinner.com/games/v47/wwspades/wwspades.cab\")
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab (http://\"http://driveragent.com/files/driveragent.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Remote ABC - C:\Program Files\NetMeeting\mstinit.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1.GU-/LOCALS~1/Temp/msoclip1/02/clip_image002.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\My Pictures\let it snow.bmp

--
End of file - 7587 bytes

-------------------------------------------------------------------------------------------------------------------------------------

ComboFix 08-03-27.1 - Administrator 2008-03-28 16:05:32.1 - [color=\"red\"]FAT32[/color]x86
Running from: C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\æ¡Œé¢\ComboFix.exe

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\drivers\npf.sys
C:\WINNT\system32\eadeafbdbafed_z.dll
C:\WINNT\system32\grecorder.dll
C:\WINNT\system32\nbjs.dll
C:\WINNT\system32\Packet.dll
C:\WINNT\system32\pthreadVC.dll
C:\WINNT\system32\WanPacket.dll
C:\WINNT\system32\wpcap.dll
C:\WINNT\systom32
C:\WINNT\systom32\svchost.exe
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-27 21:42 . 08-03-28 10:07 923,740 ---h----- C:\WINNT\ShellIconCache
2008-03-26 17:50 . 08-03-26 17:50 <DIR> d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\DoctorWeb
2008-03-25 16:57 . 08-03-25 17:06 250 --a------ C:\WINNT\gmer.ini
2008-03-25 16:12 . 08-03-25 16:12 36,433 --a------ C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\catchme.zip
2008-03-25 16:09 . 08-03-25 16:09 <DIR> d-------- C:\WINNT\ERUNT
2008-03-25 16:07 . 08-03-25 06:29 <DIR> d-------- C:\SDFix
2008-03-24 19:47 . 03-06-19 15:05 12,592 --a------ C:\WINNT\system32\drivers\usbscan.sys
2008-03-24 19:47 . 03-06-19 15:05 12,592 --a------ C:\WINNT\system32\dllcache\usbscan.sys
2008-03-24 19:43 . 08-03-24 19:43 <DIR> d-------- C:\Lexmark X74-X75
2008-03-24 11:55 . 08-03-24 11:55 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Kaspersky Lab Setup Files
2008-03-24 10:32 . 08-03-24 13:29 187 --a------ C:\JANUS.ERR
2008-03-24 10:22 . 08-03-24 10:23 1,435 --a------ C:\WINNT\imsins.BAK
2008-03-23 11:36 . 08-03-23 11:36 <DIR> d-------- C:\kav
2008-03-23 11:08 . 08-03-23 11:08 217,088 --a------ C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\sysclean.exe
2008-03-22 09:53 . 08-03-22 09:53 <DIR> d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-22 09:53 . 08-03-22 09:53 23 --a------ C:\WINNT\system32\dfaa6_z.ocx
2008-03-19 15:58 . 08-03-19 15:58 <DIR> d-------- C:\Program Files\RADVideo
2008-03-15 10:04 . 08-03-15 10:04 <DIR> d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Moyea
2008-03-15 10:03 . 08-03-15 10:03 <DIR> d-------- C:\Program Files\Moyea
2008-03-14 12:33 . 08-03-16 13:14 8,192 --a------ C:\WINNT\system32\1.hiv
2008-03-14 09:37 . 08-03-14 09:37 <DIR> d-------- C:\Program Files\Deskshare
2008-03-12 09:54 . 08-03-12 09:54 <DIR> d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\DemoCreator
2008-03-12 09:53 . 08-03-12 09:53 <DIR> d-------- C:\Program Files\Wondershare
2008-03-12 09:49 . 08-03-12 09:49 <DIR> d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder
2008-03-11 17:24 . 02-12-11 18:50 301,712 --a------ C:\WINNT\system32\drmclien.dll
2008-03-11 17:24 . 02-12-11 18:50 301,712 --a------ C:\WINNT\system32\dllcache\drmclien.dll
2008-03-11 17:24 . 02-12-11 17:34 82,432 --a------ C:\WINNT\system32\drmstor.dll
2008-03-11 17:24 . 02-12-11 17:34 82,432 --a------ C:\WINNT\system32\dllcache\drmstor.dll
2008-03-11 17:24 . 02-12-11 17:34 9,728 --a------ C:\WINNT\system32\dllcache\npwmsdrm.dll
2008-03-11 12:18 . 08-03-11 12:18 <DIR> d-------- C:\Program Files\PTAutoRun
2008-03-11 12:17 . 08-03-11 12:18 249,856 --------- C:\WINNT\Setup1.exe
2008-03-11 12:17 . 08-03-11 12:17 73,216 --a------ C:\WINNT\temp.000
2008-03-11 12:01 . 08-03-11 12:01 <DIR> d-------- C:\Program Files\free-downloads.net
2008-03-11 12:01 . 08-03-11 12:01 <DIR> d-------- C:\Program Files\Conduit
2008-03-11 11:49 . 08-03-11 11:49 <DIR> d-------- C:\Program Files\PhotoActions
2008-03-10 19:31 . 08-03-10 19:31 <DIR> d-------- C:\INF-Tool
2008-03-10 19:21 . 08-03-10 19:21 <DIR> d-------- C:\Program Files\Screen Recorder Gold
2008-03-10 18:42 . 08-03-10 18:42 <DIR> d-------- C:\Fraps
2008-03-10 18:27 . 08-03-10 18:27 <DIR> d-------- C:\Program Files\7-Zip
2008-03-10 18:14 . 08-03-10 18:14 <DIR> d-------- C:\install
2008-03-10 14:00 . 08-03-10 14:00 <DIR> d-------- C:\IV
2008-03-10 13:59 . 08-03-10 18:43 6,881 --a------ C:\IVWINST.RPT
2008-03-09 09:49 . 08-03-09 09:49 <DIR> d-------- C:\Program Files\TechSmith
2008-03-09 09:49 . 08-03-09 09:49 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\TechSmith
2008-03-06 19:09 . 08-03-06 19:09 <DIR> d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\AdobeUM
2008-03-05 19:38 . 08-03-05 19:38 <DIR> d-------- C:\WINNT\Cache
2008-03-05 16:13 . 08-03-05 16:13 <DIR> d-------- C:\Program Files\CamStudio
2008-03-02 15:48 . 08-03-02 15:48 <DIR> d-------- C:\Program Files\Hypercam2
2008-03-02 15:47 . 07-10-22 15:09 106,496 --a------ C:\Program Files\CamRes2.dll
2008-03-02 10:34 . 08-03-02 10:34 <DIR> d-------- C:\Program Files\ZD Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 16:25 --------- d-----w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\ABBYY
2008-02-18 15:57 --------- d-----w C:\Program Files\NJStar Chinese WP
2008-02-18 15:55 --------- d-----w C:\Program Files\Google
2008-02-18 03:28 --------- d-----w C:\Program Files\SoftwareForLitSupport
2008-02-18 00:26 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-02-18 00:22 72,192 ----a-w C:\WINNT\cadkasdeinst01e.exe
2008-02-18 00:22 --------- d-----w C:\Program Files\OCR-TextScan 2 Word 1
2008-02-17 23:40 --------- d-----w C:\Program Files\Cuneiform 6.0
2008-02-17 22:45 --------- d-----w C:\Program Files\MagicDisc
2008-02-17 22:35 716,272 ----a-w C:\WINNT\system32\drivers\sptd.sys
2008-02-17 22:35 --------- d-----w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\DAEMON Tools
2008-02-17 19:58 --------- d-----w C:\Program Files\Microsoft Office 2003 Developer Resources
2008-02-17 18:58 --------- d-----w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\NJStar
2008-02-12 06:36 92,544 ----a-w C:\WINNT\system32\drivers\mcdbus.sys
2008-02-10 05:37 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\SUPERAntiSpyware.com
2008-02-05 23:04 --------- d-----w C:\Program Files\Trend Micro
2008-02-03 19:04 --------- d-----w C:\Program Files\Fortinet
2008-02-03 18:52 --------- d-----w C:\Program Files\Pocket Tanks
2008-02-03 18:51 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-02-03 17:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-03 06:50 --------- d-----w C:\Program Files\ImmenseTech
2008-02-02 17:40 --------- d-----w C:\Program Files\IObit
2008-01-30 01:37 --------- d-----w C:\Program Files\Prime95
2008-01-28 23:20 --------- d-----w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\ImgBurn
2008-01-20 00:48 25,992 ----a-w C:\WINNT\system32\pgdfgsvc.exe
2008-01-16 23:25 52,736 ----a-w C:\WINNT\ipuninst.exe
2008-01-14 12:52 81,920 ----a-w C:\WINNT\system32\frapsvid.dll
2008-01-09 03:42 28,418 ----a-w C:\Program Files\lcdfont.zip
2008-01-09 03:42 13,234 ----a-w C:\Program Files\backfont.zip
2008-01-07 23:23 6,625,744 ----a-w C:\Program Files\FontCreatorSetup.exe
2007-12-28 22:43 139,264 ----a-w C:\WINNT\War3Unin.exe
2007-11-30 04:56 63 ----a-w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\B50LOAD.DAT
2007-10-31 17:52 1,044,173 ----a-w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\testmh240.exe
2007-08-29 15:55 37,475 ----a-w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Driver_Magician_3.22.zip
2007-07-20 18:03 20 ---h--w C:\Documents and Settings\All Users.WINNT\Application Data\PKP_DLec.DAT
2007-06-18 19:45 942,891 ----a-w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\error-repair.exe
2006-12-14 17:18 3,274 ----a-w C:\Program Files\agreement.txt
2005-07-03 22:45 271 ---h--w C:\Program Files\desktop.ini
2005-07-03 22:45 21,931 ---h--w C:\Program Files\folder.htt
2003-09-30 15:46 5,120 ----a-w C:\Program Files\ACDSee.sip
2003-09-30 13:20 1,741 ----a-w C:\Program Files\ACDSee60Tips.tip
2000-01-10 19:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
1999-06-24 18:49 587 ----a-w C:\Program Files\8-44100d.wav
1999-06-24 18:49 421 ----a-w C:\Program Files\8-44100u.wav
1999-06-24 18:47 317 ----a-w C:\Program Files\8-22050d.wav
1999-06-24 18:47 225 ----a-w C:\Program Files\8-22050u.wav
1999-06-24 18:46 183 ----a-w C:\Program Files\8-11025d.wav
1999-06-24 18:46 135 ----a-w C:\Program Files\8-11025u.wav
1999-06-24 18:44 127 ----a-w C:\Program Files\8-8000u.wav
1999-06-24 18:43 151 ----a-w C:\Program Files\8-8000d.wav
1999-06-24 18:41 220 ----a-w C:\Program Files\16-8000u.wav
1999-06-24 18:40 260 ----a-w C:\Program Files\16-8000d.wav
1999-06-24 18:38 956 ----a-w C:\Program Files\16-44100u.wav
1999-06-24 18:37 1,186 ----a-w C:\Program Files\16-44100d.wav
1999-06-24 18:34 652 ----a-w C:\Program Files\16-22050d.wav
1999-06-24 18:34 442 ----a-w C:\Program Files\16-22050u.wav
1999-06-24 17:54 340 ----a-w C:\Program Files\16-11025d.wav
1999-06-24 17:50 326 ----a-w C:\Program Files\16-11025u.wav
1996-12-19 21:26 25 ----a-w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\TSGUIDE.BAT
1996-12-19 21:24 22 ----a-w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\README.BAT
1996-12-19 00:34 487,850 ----a-w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\L2DOSFIX.EXE
1996-12-19 00:34 347,178 ----a-w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\L2WINFIX.EXE
1996-10-15 17:40 291,600 ----a-w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\WININET.DLL
1996-07-29 19:11 733,296 ----a-w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\OPENGL32.DLL
1996-07-29 19:09 139,712 ----a-w C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\GLU32.DLL
1995-10-13 03:42 423,424 ----a-r C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\SU27.EXE
1995-10-09 03:54 25 ----a-r C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\LOAD.BAT
1995-06-05 10:10 64,880 ----a-r C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\B50LOAD.EXE
1993-07-16 18:53 35,614 ----a-r C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\DOWNLOAD.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [00-01-10 12:00 21264 C:\WINNT\system32\internat.exe]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [07-03-05 14:57 1103480]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [08-02-22 04:30 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 15:05 111376 C:\WINNT\system32\mobsync.exe]
"LexPPS.exe"="C:\WINNT\system32\lexpps.exe" [02-10-14 14:00 174592]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [02-10-14 14:09 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe" [07-06-11 13:04 190696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\My Pictures\let it snow.bmp
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avi Player]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSexy_ca]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Playboy_ca]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NoteBurner"=C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
"FortiClient"="C:\Program Files\Fortinet\FortiClient\FortiClient.exe" /minimize

*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 19:31:56 C:\WINNT\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-18 00:25:22 C:\WINNT\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-03-28 16:16:13
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\system32\winlogon.exe
-> C:\WINNT\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Prime95\Prime95.exe
C:\Program Files\NetMeeting\mstinit.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\conime.exe
.
**************************************************************************
.
Completion time: 2008-03-28 16:18:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-28 23:18:22
Pre-Run: 300,048,384 bytes free
Post-Run: 251,138,048 bytes free
.
2008-03-12 18:03:18 --- E O F ---

Thanks Again!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 29, 2008, 11:27:42 AM

Are you able to now run the Kaspersky Online Scanner?

If you are, run it and post it's report

Also
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Title: Computer messed up!
Post by: waterburn on March 29, 2008, 12:08:19 PM

Hi,

Unfortuantely I am not able to run Kaspersky's Online Scanner. But I have the uninstall list.

Extra Info
-----------

1) The following three services I noticed are not started: RPC, Print Spooler, Windows Installer
2)When I try to start them from services.mcs, A message says: "1068: The dependency service or group failed to start."
3)Print Spooler explains why I can't print and there are no printers at Start>Settings>Printers although I have already installed the printer
4)Windows Installer explains why I can't install with windows installer, sometimes install shield...etc.
5)RPC explains why I can't click links,buttons, properties of files, sometimes with install shield it says "... The RPC server is unavailible"
6)I used Windows Malicious Software Removal tool to do a COMPLETE SCAN -> Found nothing out of a list of about 100 trojans...etc. One of them was the MSBLAST Virus which was the virus I thought I had.

Here's the uninstall list:

Moyea SWF to Video Converter Standard version 2.2.1.0
ABBYY FineReader 5.0 Sprint
Adobe Acrobat 5.0
Adobe Reader 6.0.1
Adobe Shockwave Player
Advanced CAB Repair v1.2
AVG Anti-Spyware 7.5
Bink and Smacker
Camtasia Studio 3
CCleaner (remove only)
Conquest 3.0
Cuneiform 6.0
DemoCreator
Desperados 1.0
Download Manager 2.3.6
Drive Speed Checker
FastStone Capture 5.9
Finding Martin
FontCreator 5.6
FortiClient
Fraps
Free Snoopy Screensaver 1.0
FreeUndelete
FreshDiagnose
HijackThis 2.0.2
Hotfix for MDAC 2.53 (KB911562)
Hotfix for MDAC 2.53 (KB927779)
HyperCam 2
IrfanView (remove only)
Java 2 Runtime Environment, SE v1.4.1
jv16 PowerTools 2008
Karen's Autorun.inf Editor
Lexmark X74-X75
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.6.85
mergeOCR
Microsoft Office 2000 SR-1 Premium
My Screen Recorder 2.5
NJStar Chinese WP
nrg2iso
OCR-TextScan 2 Word 1
PC Wizard 2008.1.81
Pocket Tanks Deluxe v1.3(Total Uninstall)
Pocket Tanks v1.3
Prime95
Quick Screen Capture 3.0
Screen Recorder Gold
Silent Hunter II
SmartUndelete
SnagIt 8
SUPERAntiSpyware Free Edition
Windows 2000 (KB923689) å®‰å…¨æ›´æ–°
Windows 2000 (KB941569) å®‰å…¨æ›´æ–°
Windows 2000 Hotfix - KB823980
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944533
Windows 2000 Service Pack 4
Windows 2000 SP4 æ›´æ–°æ±‡æ€» 1
Windows 2000 ä¿®è¡¥ç¨‹åº - KB842773
Windows 2000 ä¿®è¡¥ç¨‹åº - KB890046
Windows 2000 ä¿®è¡¥ç¨‹åº - KB893756
Windows 2000 ä¿®è¡¥ç¨‹åº - KB896358
Windows 2000 ä¿®è¡¥ç¨‹åº - KB896422
Windows 2000 ä¿®è¡¥ç¨‹åº - KB896423
Windows 2000 ä¿®è¡¥ç¨‹åº - KB896424
Windows 2000 ä¿®è¡¥ç¨‹åº - KB899587
Windows 2000 ä¿®è¡¥ç¨‹åº - KB899589
Windows 2000 ä¿®è¡¥ç¨‹åº - KB900725
Windows 2000 ä¿®è¡¥ç¨‹åº - KB901017
Windows 2000 ä¿®è¡¥ç¨‹åº - KB901214
Windows 2000 ä¿®è¡¥ç¨‹åº - KB905414
Windows 2000 ä¿®è¡¥ç¨‹åº - KB905749
Windows 2000 ä¿®è¡¥ç¨‹åº - KB908519
Windows 2000 ä¿®è¡¥ç¨‹åº - KB908523
Windows 2000 ä¿®è¡¥ç¨‹åº - KB908531
Windows 2000 ä¿®è¡¥ç¨‹åº - KB911280
Windows 2000 ä¿®è¡¥ç¨‹åº - KB912919
Windows 2000 ä¿®è¡¥ç¨‹åº - KB913580
Windows 2000 ä¿®è¡¥ç¨‹åº - KB914388
Windows 2000 ä¿®è¡¥ç¨‹åº - KB914389
Windows 2000 ä¿®è¡¥ç¨‹åº - KB917008
Windows 2000 ä¿®è¡¥ç¨‹åº - KB917159
Windows 2000 ä¿®è¡¥ç¨‹åº - KB917422
Windows 2000 ä¿®è¡¥ç¨‹åº - KB917537
Windows 2000 ä¿®è¡¥ç¨‹åº - KB917736
Windows 2000 ä¿®è¡¥ç¨‹åº - KB917953
Windows 2000 ä¿®è¡¥ç¨‹åº - KB918118
Windows 2000 ä¿®è¡¥ç¨‹åº - KB920213
Windows 2000 ä¿®è¡¥ç¨‹åº - KB920670
Windows 2000 ä¿®è¡¥ç¨‹åº - KB920683
Windows 2000 ä¿®è¡¥ç¨‹åº - KB920685
Windows 2000 ä¿®è¡¥ç¨‹åº - KB920958
Windows 2000 ä¿®è¡¥ç¨‹åº - KB921398
Windows 2000 ä¿®è¡¥ç¨‹åº - KB921503
Windows 2000 ä¿®è¡¥ç¨‹åº - KB921883
Windows 2000 ä¿®è¡¥ç¨‹åº - KB922582
Windows 2000 ä¿®è¡¥ç¨‹åº - KB922616
Windows 2000 ä¿®è¡¥ç¨‹åº - KB923191
Windows 2000 ä¿®è¡¥ç¨‹åº - KB923414
Windows 2000 ä¿®è¡¥ç¨‹åº - KB923810
Windows 2000 ä¿®è¡¥ç¨‹åº - KB923980
Windows 2000 ä¿®è¡¥ç¨‹åº - KB924191
Windows 2000 ä¿®è¡¥ç¨‹åº - KB924270
Windows 2000 ä¿®è¡¥ç¨‹åº - KB924667
Windows 2000 ä¿®è¡¥ç¨‹åº - KB925902
Windows 2000 ä¿®è¡¥ç¨‹åº - KB926122
Windows 2000 ä¿®è¡¥ç¨‹åº - KB926436
Windows 2000 ä¿®è¡¥ç¨‹åº - KB927891
Windows 2000 ä¿®è¡¥ç¨‹åº - KB928843
Windows 2000 ä¿®è¡¥ç¨‹åº - KB930178
Windows 2000 ä¿®è¡¥ç¨‹åº - KB931784
Windows 2000 ä¿®è¡¥ç¨‹åº - KB932168
Windows 2000 ä¿®è¡¥ç¨‹åº - KB933729
Windows 2000 ä¿®è¡¥ç¨‹åº - KB935839
Windows 2000 ä¿®è¡¥ç¨‹åº - KB935840
Windows 2000 ä¿®è¡¥ç¨‹åº - KB936021
Windows 2000 ä¿®è¡¥ç¨‹åº - KB937894
Windows 2000 ä¿®è¡¥ç¨‹åº - KB938827
Windows 2000 ä¿®è¡¥ç¨‹åº - KB938829
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB905495
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB911567
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB916281
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB918899
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB923694
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB928090
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB929969
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB931768
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB933566
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB937143
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB938127
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB939653
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB941202
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB942615
Windows Blaster Worm Removal Tool (KB833330)
Windows Installer 3.1 (KB893803)
Windows Media Player (KB911564) å®‰å…¨æ›´æ–°
Windows Media Player 6.4 (KB925398) å®‰å…¨æ›´æ–°
Windows Media Player 7.1 (KB917734) å®‰å…¨æ›´æ–°
Windows Media Player 9 (KB911565) å®‰å…¨æ›´æ–°
Windows Media Player 9 (KB917734) å®‰å…¨æ›´æ–°
Windows Media Player 9 (KB936782) å®‰å…¨æ›´æ–°
Windows Media Player Hotfix [è¯·å‚é˜… Q828026 ä»¥èŽ·å¾—æ›´å¤šä¿¡æ¯]
Windows Media Player system update (9 Series)
WinRAR archiver
WinRescue 2000
WinZip
Wisdom-soft AutoScreenRecorder 2.1 Pro
å®‰å…¨æ›´æ–° for DirectX 9 (KB941568)
è°·æŒæ‹¼éŸ³è¾“å…¥æ³•

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 29, 2008, 02:21:19 PM

If you can't start RPC, you will lose a lot of functionality
Try the following, Mosaic1 wrote this small batch

Download/save and unzip to desktop
clearit.zip (http://\"http://forums.techguy.org/attachments/124266d1200466800/clearit.zip\")

Double click on clearit.bat

RESTART the computer
Let me know if you have some functions back

Title: Computer messed up!
Post by: waterburn on March 29, 2008, 06:41:18 PM

Hi,

The following message flashes quickly when I try to open clearit.bat:

C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\ æ¡Œé¢>Reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs /v DependOnService /f
'Reg' is not recognized as an internal or external command, operable program or batch file.

C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\æ¡Œé¢>Sc config Rpcss start= auto

'Sc' is not recognized as aninternal or external command, operable program or batch file.

Sorry gotta type quick, earth hour.

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 29, 2008, 07:07:43 PM

I forgot that you were on Windows 2000
Can you do the following

Go to START>>RUN>>type in

regedit

Navigate to the following key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Left click to highlight RpcSs
Then click REGISTRY at the top menu bar
"EXPORT REGISTRY FILE"
Give it a name, eg... waterburn
Then save it

Close registry editor
Can you navigate to where you saved the Export file
Right click on it and choose EDIT

Can you copy>>paste back here the whole contents?
If you can't copy and paste
Can you right click on 'waterburn.reg' and rename it to 'waterburn.txt'
Then upload it in a reply back here

Title: Computer messed up!
Post by: waterburn on March 29, 2008, 07:56:52 PM

Hi,

Here it is:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="æä¾›ç»ˆç»“ç‚¹æ˜ å°„ç¨‹åº (endpoint mapper) ä»¥åŠå…¶å®ƒ RPC æœåŠ¡ã€‚"
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Thanks!!

Waterburn

P.S How was Earth hour?

Title: Computer messed up!
Post by: guestolo on March 29, 2008, 08:23:44 PM

I've uploaded a file called
fix.txt at the bottom of this reply box
Right click the link and choose save link as

Can you save it to your desktop
Then right click on fix.txt and rename it too fix.reg
Allow the change

Double click on fix.reg and let it add/merge to the registry at the prompt

Reboot the computer

Can you again navigate to that key in the registry and export it again
Give it a different name
Close registry editor

Can you again navigate to the file and select edit>>copy>paste the contents back here

Title: Computer messed up!
Post by: waterburn on March 29, 2008, 08:36:45 PM

Hi again,

Here it is:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

By the way, I caught you posting again!

*How do I attach? The toolbar for attaching isn't there anymore.

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 29, 2008, 08:44:29 PM

Quote

P.S How was Earth hour?

It's just after 7:00 pm here, don't start till another hour

/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

Can you go into services.msc and see if the following service is started
Remote Procedure Call (RPC)

Or can you start it?
If not, can you right click on it and select PROPERTIES>>Log on tab
what is selected there
Is it ENABLED?

EDIT>> To attach, in a reply look for the UPLOAD button on the bottom right of the screen
Browse to a file and select it then choose Upload

Title: Computer messed up!
Post by: waterburn on March 29, 2008, 08:48:46 PM

Hi,

I can't start RPC from services.msc and the properties button doesn't work! I press it, no reaction.

Its good to post back and forth like this!

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 29, 2008, 09:37:49 PM

What happens if you go to START>>RUN>>type in
cmd

At the prompt type

net start RpcSs

Hit Enter

Title: Computer messed up!
Post by: waterburn on March 29, 2008, 10:09:57 PM

Hi,

A message with the following message appears:
System Error 2 has occured. The system cannot find the file specified.

Waterburn

Title: Computer messed up!
Post by: guestolo on March 29, 2008, 10:32:22 PM

Take a look at the following link and see if it's any help
http://support.microsoft.com/?kbid=838428#appliesto (http://\"http://support.microsoft.com/?kbid=838428#appliesto\")

Before doing the instructions
Export the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROOT\LEGACY_RPCSS

Title: Computer messed up!
Post by: waterburn on March 30, 2008, 07:19:32 AM

Hi,

I didn't go to the site yet, but I found out there are no actual keys in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROOT. There are some folders each with one Reg_Sz key but the key has no data. That means
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROOT\LEGACY_RPCSS doesn't exist either.

Thanks

Waterburn

Title: Computer messed up!
Post by: guestolo on March 30, 2008, 11:32:13 AM

Can you navigate back to this key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Highlight it, on the right hand side
Look for Image path
What is the Exact path to the executable, word for word

Title: Computer messed up!
Post by: waterburn on March 30, 2008, 12:21:38 PM

Hi,

The exact path to the executable is: %SystemRoot%\system32\svchost -k rpcss

Waterburn

Title: Computer messed up!
Post by: guestolo on March 30, 2008, 12:43:36 PM

Download and save to desktop
FileInfo.zip (http://\"http://www.billsway.com/vbspage/vbsfiles/FileInfo.zip\")

Extract the contents so you have FileInfo.vbs on desktop

Double click on FileInfo.vbs to run it
In the first box type an asterik (Shift + 8 keys)>>> *
Then hit OK

Next box, copy and paste the file below

svchost

Hit OK
When the results text file opens, copy>paste back here the whole contents

Title: Computer messed up!
Post by: waterburn on March 30, 2008, 12:56:44 PM

Hi,

For some reason when I double click it or press open nothing happens. If I try opening in command prompt, a black box flashes quickly with nothing in it.

Waterburn

P.S If you don't mind I really need this computer fixed today, its getting annoying that I can't do things.

Title: Computer messed up!
Post by: waterburn on March 30, 2008, 01:00:14 PM

I have an idea, maybe you should export your HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs key and then I will import it.

Title: Computer messed up!
Post by: guestolo on March 30, 2008, 01:10:12 PM

We can try that, but I believe your key is identical to mine now
Try it anyways
fix2.txt is uploaded, save it to desktop
rename to fix2.reg

Import>>Reboot>>

Try net start rpcss again

Did you extract fileinfo?

Can you right click on it and select Open

I seemed to be having trouble with downloading that file
Unless I right click on it with firefox only
Save as fix.txt

Here's what the contents of the file should look like

[color=\"#0000FF\"]Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[/color]

Title: Computer messed up!
Post by: guestolo on March 30, 2008, 01:19:44 PM

Can you also scan a file for me

C:\Program Files\NetMeeting\mstinit.exe

That file, post the results or give me the link

http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")

Title: Computer messed up!
Post by: waterburn on March 30, 2008, 02:03:09 PM

Hi,

I am just wondering: Why do you need to scan that file? But anyway for some reason my computer doesnt have that file.

Waterburn

Title: Computer messed up!
Post by: guestolo on March 30, 2008, 02:10:26 PM

I don't want you to browse to that file
If possible, copy>paste the path to the file at virustotal

C:\Program Files\NetMeeting\mstinit.exe

Title: Computer messed up!
Post by: waterburn on March 30, 2008, 02:11:13 PM

how?

Title: Computer messed up!
Post by: guestolo on March 30, 2008, 02:12:20 PM

Is it possible to use your Ctrl + C key to copy
And Ctrl + V keys to paste?

Title: Computer messed up!
Post by: waterburn on March 30, 2008, 02:19:32 PM

I did what you asked (I think) But what do you need it for?

Just Wondering

Waterburn

Title: Computer messed up!
Post by: guestolo on March 30, 2008, 02:22:52 PM

Are you going to post the results??
Is a virus scan tool, why do you think I want the results???

Title: Computer messed up!
Post by: waterburn on March 30, 2008, 03:13:09 PM

This is the link I think: http://www.virustotal.com/reanalisis.html?...7df9fe0f1bb580a (http://\"http://www.virustotal.com/reanalisis.html?bd87e795a869b55457df9fe0f1bb580a\")

Title: Computer messed up!
Post by: guestolo on March 30, 2008, 03:30:00 PM

Can you do the following

Do a "System scan only" with Hijackthis and put a check next to these entries:

O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1.GU-/LOCALS~1/Temp/msoclip1/02/clip_image002.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\My Pictures\let it snow.bmp

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Download [color=\"blue\"]OTMoveIt2.exe[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe\") by OldTimer:

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the entries below in BLUE to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

================================================

[color=\"#0000FF\"]C:\Program Files\NetMeeting\mstinit.exe
C:\WINNT\WH.EXE
C:\WINNT\DLGB.EXE
C:\WINNT\RGRT.EXE
C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\Wab64.dll[/color]

======================================================
Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
Click the red "[color=\"red\"]MoveIt![/color]" button.
Close OTMoveIt when it has completed.

[color=\"red\"]Note[/color]: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Post that log
along with a fresh hijackthis log

Title: Computer messed up!
Post by: waterburn on March 30, 2008, 04:09:42 PM

Hi,

I had to retype the entries in the blue list since copy and paste only work in certain situations. For Hjack this: The entry 03 - Toolbar (Noname) - {B580C...} doesn't exist. Afterwards the background was gone but that doesn't matter.

INFO: I noticed the memory usage was MUCH lower after things started breaking down. Probably because RPC isn't started.

Here are the logs:

File move failed. C:\Program Files\NetMeeting\mstinit.exe scheduled to be moved on reboot.
File/Folder C:\WINNT\WH.EXE not found.
File/Folder C:\WINNT\DLGB.EXE not found.
File/Folder C:\WINNT\RGRT.EXE not found.
File/Folder C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe not found.
C:\Program Files\Common Files\Microsoft Shared\Speech\Wab64.dll NOT unregistered.
C:\Program Files\Common Files\Microsoft Shared\Speech\Wab64.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03302008_171141

---------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:00, on 2008-3-30
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINNT\system32\lexpps.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [internat.exe] internat.exe (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - S-1-5-21-57989841-920026266-1202660629-500 Startup: bittorrent.exe (User '?')
O4 - Startup: bittorrent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java æŽ§åˆ¶å° - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (http://\"http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab\")
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab (http://\"http://downloads.ewido.net/ewidoOnlineScan.cab\")
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab (http://\"http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab\")
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab (http://\"http://www.worldwinner.com/games/v50/pool/pool.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab\")
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab (http://\"http://www.worldwinner.com/games/v57/bjattack/bja.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (http://\"http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab\")
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab (http://\"http://www.worldwinner.com/games/v41/freecell/freecell.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab (http://\"http://ca.com/us/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (http://\"http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab (http://\"http://www.worldwinner.com/games/v46/sol/sol.cab\")
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab (http://\"http://www.worldwinner.com/games/v41/hangman/hangman.cab\")
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (http://\"http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe\")
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (http://\"http://www.worldwinner.com/games/v47/wwspades/wwspades.cab\")
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab (http://\"http://driveragent.com/files/driveragent.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)

--
End of file - 7395 bytes

Thanks Again!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 30, 2008, 04:24:13 PM

Do another scan with Hijackthis
Tick the next entry

O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)

With all windows closed, click on Fix checked

Reboot the computer

Try starting Remote Procedure Call (RPC) again

Can you also export this key again and post the contents
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Title: Computer messed up!
Post by: waterburn on March 30, 2008, 04:27:21 PM

Should I do a normal scan or a system scan only?

Waterburn

Title: Computer messed up!
Post by: guestolo on March 30, 2008, 04:27:59 PM

system scan only

Title: Computer messed up!
Post by: waterburn on March 30, 2008, 04:49:14 PM

Hi,

RPC still doesn't start. But it seems like I just reinstalled the computer. The colors are different. Th start menu settings, favourites...etc. seems to be reset A few Low Memory messages show up at the start.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Waterburn

Title: Computer messed up!
Post by: waterburn on March 30, 2008, 05:28:18 PM

Hi,

I found the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RPCSS instead of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROOT\LEGACY_RPCSS. Should I follow the link for what I found?

Waterburn

Title: Computer messed up!
Post by: guestolo on March 30, 2008, 08:26:48 PM

Can you do the following
Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] (http://\"http://deckard.geekstogo.com/dss.exe\") to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt

Title: Computer messed up!
Post by: waterburn on March 31, 2008, 02:57:14 PM

Hi,

Here are the logs:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-31 16:37:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

[color=\"red\"]Total Physical Memory: 184 MiB (256 MiB recommended).[/color]
[color=\"red\"]System Drive C: has 0.59 GiB (less than 15%) free.[/color]

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:00, on 2008-3-31
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\ã€Œå¼€å§‹ã€èœå•\ç¨‹åº\å¯åŠ¨\bittorrent.exe
C:\WINNT\system32\conime.exe
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\æ¡Œé¢\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINNT\system32\lexpps.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [internat.exe] internat.exe (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\.DEFAULT\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe (User 'Default user')
O4 - S-1-5-21-57989841-920026266-1202660629-500 Startup: bittorrent.exe (User '?')
O4 - Startup: bittorrent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java æŽ§åˆ¶å° - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (http://\"http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab\")
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab (http://\"http://downloads.ewido.net/ewidoOnlineScan.cab\")
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab (http://\"http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab\")
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab (http://\"http://www.worldwinner.com/games/v50/pool/pool.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab\")
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab (http://\"http://www.worldwinner.com/games/v57/bjattack/bja.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (http://\"http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab\")
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab (http://\"http://www.worldwinner.com/games/v41/freecell/freecell.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab (http://\"http://ca.com/us/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (http://\"http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab (http://\"http://www.worldwinner.com/games/v46/sol/sol.cab\")
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab (http://\"http://www.worldwinner.com/games/v41/hangman/hangman.cab\")
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (http://\"http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe\")
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (http://\"http://www.worldwinner.com/games/v47/wwspades/wwspades.cab\")
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab (http://\"http://driveragent.com/files/driveragent.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)

--
End of file - 7514 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080330-170426-397 O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1.GU-/LOCALS~1/Temp/msoclip1/02/clip_image002.jpg
backup-20080330-170426-661 O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\My Pictures\let it snow.bmp
backup-20080330-175114-375 O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)

-- File Associations -----------------------------------------------------------

[color=\"red\"].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/color]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 catchme - c:\docume~1\admini~1.gu-\locals~1\temp\catchme.sys (file missing)
3 cpuz128 - c:\program files\pc wizard 2008\pcwiz32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys
1 FsVga - c:\winnt\system32\drivers\fsvga.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\winnt\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
0 ntcdrdrv - system32\drivers\ntcdrdrv.sys (file missing)
0 OCDE (ZTekWare Original CD Emulator Service) - system32\drivers\ocde.sys (file missing)
0 Partizan - system32\drivers\partizan.sys (file missing)
3 RegGuard - c:\winnt\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\winnt\system32\drivers\rootmdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
3 scrcap - system32\drivers\scrcap.sys (file missing)
3 SiSV6306 - c:\winnt\system32\drivers\sis6306p.sys <Not Verified; Silicon Integrated Systems Corporation; SiS ® 530/620 Miniport Driver for Windows 2000>
3 solo (ESS Solo Audio Driver (WDM)) - c:\winnt\system32\drivers\solo.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
3 StillCam (Still Serial Digital Camera Driver) - c:\winnt\system32\drivers\serscan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
3 TVICHW32 - c:\winnt\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 Automatic LiveUpdate Scheduler - c:\program files\symantec\liveupdate\aluschedulersvc.exe (file missing)
2 BITS (Background Intelligent Transfer Service) - c:\winnt\system32\svchost.exe -k bitsgroup (file missing)
3 EventSystem (COM+ Event System) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
3 LiveUpdate - c:\progra~1\symantec\liveup~1\lucoms~1.exe (file missing)
3 Netman (Network Connections) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
2 NtmsSvc (Removable Storage) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
2 Prime95 Service - c:\program files\prime95\prime95.exe <Not Verified; ; PRIME95 Application>
2 RasAuto (Remote Access Auto Connection Manager) - c:\winnt\systom32\svchost.exe (file missing)
3 RasMan (Remote Access Connection Manager) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
4 RemoteAccess (Routing and Remote Access) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
2 RpcSs (Remote Procedure Call (RPC)) - c:\winnt\system32\svchost -k rpcss (file missing)
2 RPCT (Remote Procedure Call (TPM)) - c:\program files\netmeeting\mstinit.exe (file missing)
2 Schedule (Task Scheduler) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
2 SENS (System Event Notification) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
2 SharedAccess (Internet Connection Sharing) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
3 TapiSrv (Telephony) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
4 WmdmPmSN (Portable Media Serial Number Service) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)
2 wuauserv (Automatic Updates) - c:\winnt\system32\svchost.exe -k wugroup (file missing)
3 WZCSVC (Wireless Configuration) - c:\winnt\system32\svchost.exe -k netsvcs (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-03-17 17:25:22 286 --a------ C:\WINNT\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-09-28 12:31:56 408 --a------ C:\WINNT\Tasks\Uniblue SpeedUpMyPC.job

-- Files created between 2008-02-29 and 2008-03-31 -----------------------------

2008-03-30 18:39:27 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Office Genuine Advantage
2008-03-30 18:29:56 0 d-------- C:\Documents and Settings\zhenzhen\Application Data\BitTorrent
2008-03-30 16:49:30 25773 --a------ C:\WINNT\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-03-30 16:49:23 2 -rahs---- C:\WINNT\winstart.bat
2008-03-30 16:44:59 0 d-------- C:\backreg
2008-03-30 16:44:58 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Regrun
2008-03-30 16:44:16 0 d-------- C:\Program Files\Greatis
2008-03-28 17:55:43 507904 -----n--- C:\WINNT\Silent Hunter II remove.exe
2008-03-28 17:55:43 1772544 -ra------ C:\WINNT\dsetup32.dll <Not Verified; Microsoft Corporation; Microsoft? DirectX for Windows? 95 and 98>
2008-03-28 17:55:43 44544 -ra------ C:\WINNT\dsetup.dll <Not Verified; Microsoft Corporation; Microsoft? DirectX for Windows? 95 and 98>
2008-03-28 16:04:14 68096 --a------ C:\WINNT\system32\zip.exe
2008-03-28 16:04:14 98816 --a------ C:\WINNT\system32\sed.exe
2008-03-28 16:04:14 80412 --a------ C:\WINNT\system32\grep.exe
2008-03-28 16:04:14 73728 --a------ C:\WINNT\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-27 21:42:07 1207394 ---h----- C:\WINNT\ShellIconCache
2008-03-26 17:50:57 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\DoctorWeb
2008-03-25 16:09:24 0 d-------- C:\WINNT\ERUNT
2008-03-24 19:43:55 0 d-------- C:\Lexmark X74-X75
2008-03-24 11:55:20 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Kaspersky Lab Setup Files
2008-03-23 11:36:25 0 d-------- C:\kav
2008-03-23 11:08:23 217088 --a------ C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\sysclean.exe <Not Verified; Trend Micro Incorporated; SysClean Application>
2008-03-22 09:53:25 0 d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-19 15:58:18 0 d-------- C:\Program Files\RADVideo
2008-03-15 10:04:27 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Moyea
2008-03-15 10:03:56 0 d-------- C:\Program Files\Moyea
2008-03-14 09:37:32 0 d-------- C:\Program Files\Deskshare
2008-03-12 09:54:05 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\DemoCreator
2008-03-12 09:53:38 0 d-------- C:\Program Files\Wondershare
2008-03-12 09:49:23 0 d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder
2008-03-11 12:18:09 0 d-------- C:\Program Files\PTAutoRun
2008-03-11 12:01:48 0 d-------- C:\Program Files\Conduit
2008-03-11 12:01:41 0 d-------- C:\Program Files\free-downloads.net
2008-03-11 11:49:29 0 d-------- C:\Program Files\PhotoActions
2008-03-10 19:31:32 0 d-------- C:\INF-Tool
2008-03-10 19:21:10 0 d-------- C:\Program Files\Screen Recorder Gold
2008-03-10 18:42:24 0 d-------- C:\Fraps
2008-03-10 18:27:41 0 d-------- C:\Program Files\7-Zip
2008-03-10 18:14:29 0 d-------- C:\install
2008-03-10 14:00:07 0 d-------- C:\IV
2008-03-09 09:49:45 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\TechSmith
2008-03-09 09:49:19 0 d-------- C:\Program Files\TechSmith
2008-03-06 19:09:06 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\AdobeUM
2008-03-05 19:47:53 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Adobe
2008-03-05 19:38:08 0 d-------- C:\WINNT\Cache
2008-03-05 16:13:11 0 d-------- C:\Program Files\CamStudio
2008-03-02 15:48:50 0 d-------- C:\Program Files\Hypercam2
2008-03-02 15:47:51 106496 --a------ C:\Program Files\CamRes2.dll <Not Verified; Hyperionics; Hyperionics HyperCam>
2008-03-02 10:34:21 0 d-------- C:\Program Files\ZD Soft

-- Find3M Report ---------------------------------------------------------------

2008-03-29 10:32:02 1524 --a------ C:\WINNT\system32\d3d8caps.dat
2008-03-12 10:14:58 664 --a------ C:\WINNT\system32\d3d9caps.dat
2008-03-10 18:43:06 0 --a------ C:\AUTOEXEC.BAT
2008-03-10 14:02:38 115072 --a------ C:\WINNT\system32\perfh004.dat
2008-03-10 14:02:38 38036 --a------ C:\WINNT\system32\perfc004.dat
2008-02-18 09:25:34 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\ABBYY
2008-02-18 08:57:34 0 d-------- C:\Program Files\NJStar Chinese WP
2008-02-18 08:55:52 0 d-------- C:\Program Files\Google
2008-02-17 20:28:54 0 d-------- C:\Program Files\SoftwareForLitSupport
2008-02-17 17:26:50 0 d-------- C:\Program Files\Common Files\Download Manager
2008-02-17 17:22:46 72192 --a------ C:\WINNT\cadkasdeinst01e.exe
2008-02-17 17:22:46 0 d-------- C:\Program Files\OCR-TextScan 2 Word 1
2008-02-17 16:40:40 0 d-------- C:\Program Files\Cuneiform 6.0
2008-02-17 15:45:10 0 d-------- C:\Program Files\MagicDisc
2008-02-17 15:35:48 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\DAEMON Tools
2008-02-17 12:58:50 0 d-------- C:\Program Files\Microsoft Office 2003 Developer Resources
2008-02-17 12:01:42 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\Help
2008-02-17 11:58:14 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\NJStar
2008-02-05 16:04:48 0 d-------- C:\Program Files\Trend Micro
2008-02-03 12:04:06 0 d-------- C:\Program Files\Fortinet
2008-02-03 11:52:50 0 d-------- C:\Program Files\Pocket Tanks
2008-02-03 11:51:06 0 d-------- C:\Program Files\Pocket Tanks Deluxe
2008-02-03 10:34:50 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-03 09:18:54 0 d-------- C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data\WinRAR
2008-02-02 23:50:06 0 d-------- C:\Program Files\ImmenseTech
2008-02-02 10:40:02 0 d-------- C:\Program Files\IObit
2008-01-20 09:41:50 2855 --a------ C:\WINNT\system32\kdgcl.PIF
2008-01-19 17:48:58 25992 --a------ C:\WINNT\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-01-16 16:25:32 52736 --a------ C:\WINNT\ipuninst.exe <Not Verified; Interplay Productions; Interplay Uninstaller for Windows 95>
2008-01-14 05:52:00 81920 --a------ C:\WINNT\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2008-01-08 20:42:56 13234 --a------ C:\Program Files\backfont.zip
2008-01-08 20:42:28 28418 --a------ C:\Program Files\lcdfont.zip
2008-01-02 09:59:36 0 --a------ C:\WINNT\nsreg.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 15:05 C:\WINNT\system32\mobsync.exe]
"LexPPS.exe"="C:\WINNT\system32\lexpps.exe" [02-10-14 14:00 ]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [02-10-14 14:09 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [00-01-10 12:00 C:\WINNT\system32\internat.exe]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [07-03-05 14:57 ]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [08-02-22 04:30 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"KnightSpy"=c:\program files\metal knights\knightspy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avi Player]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSexy_ca]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Playboy_ca]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NoteBurner"=C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
"FortiClient"="C:\Program Files\Fortinet\FortiClient\FortiClient.exe" /minimize

-- End of Deckard's System Scanner: finished at 2008-03-31 16:40:27 ------------

----------------------------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 55%
Physical Memory (total/avail): 183.48 MiB / 80.95 MiB
Pagefile Memory (total/avail): 559.83 MiB / 421.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1974.88 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 4.76 GiB total, 0.59 GiB free.
D: is Fixed (FAT32) - 5.36 GiB total, 0.15 GiB free.
E: is Fixed (FAT) - 3.94 GiB total, 1.01 GiB free.
F: is CDROM (No Media)
G: is CDROM (CDFS)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINNT
APPDATA=C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GU-3R3LEUQBGPNO
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.GU-3R3LEUQBGPNO
LOGONSERVER=\\GU-3R3LEUQBGPNO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\wbem;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 5 Model 8 Stepping 12, AuthenticAMD
PROCESSOR_LEVEL=5
PROCESSOR_REVISION=080c
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1.GU-\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.GU-\LOCALS~1\Temp
USERDOMAIN=GU-3R3LEUQBGPNO
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO
windir=C:\WINNT

-- User Profiles ---------------------------------------------------------------

zhenzhen (admin)
Administrator.GU-3R3LEUQBGPNO (admin)

-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A00000000001}
Adobe Shockwave Player --> C:\WINNT\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Advanced CAB Repair v1.2 --> C:\PROGRA~1\ACR\UNWISE.EXE C:\PROGRA~1\ACR\INSTALL.LOG
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bink and Smacker --> C:\PROGRA~1\RADVIDEO\UNWISE.EXE C:\PROGRA~1\RADVIDEO\INSTALL.LOG
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Camtasia Studio 3 --> C:\Program Files\TechSmith\Camtasia Studio 3\CSuninst.EXE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conquest 3.0 --> "C:\Program Files\Conquest\unins000.exe"
Cuneiform 6.0 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Cuneiform 6.0\Uninst.isu"
DemoCreator --> "C:\Program Files\Wondershare\DemoCreator\unins000.exe"
Desperados 1.0 --> "E:\Desperados\Desperados.exe" -uninstall
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Download Manager 2.3.6 --> C:\Program Files\Download Manager\uninst.exe
Drive Speed Checker --> MsiExec.exe /X{32E1665E-D348-4B4B-A073-3D58C75E31FF}
FastStone Capture 5.9 --> C:\Program Files\FastStone Capture\uninst.exe
Finding Martin --> "C:\WINNT\TADSUINS.EXE" C:\Program Files\Finding Martin\UnInst2CCF.inf
FontCreator 5.6 --> "C:\Program Files\High-Logic\FontCreator\unins000.exe"
FortiClient --> MsiExec.exe /I{C2FAE67B-9C91-4C88-91C6-37E4D5F50FE9}
Fraps --> "C:\Fraps\uninstall.exe"
Free Snoopy Screensaver 1.0 --> "C:\Program Files\Free Snoopy Screensaver\unins000.exe"
FreeUndelete --> C:\Program Files\FreeUndelete\GLF19.exe /handle:fru
FreshDiagnose --> "C:\Program Files\FreshDevices\FreshDiagnose\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HyperCam 2 --> "c:\program files\UnHyCam2.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java 2 Runtime Environment, SE v1.4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\setup.exe" Anytext
jv16 PowerTools 2008 --> "C:\Program Files\jv16 PowerTools 2008\unins000.exe"
Karen's Autorun.inf Editor --> C:\WINNT\st6unst.exe -n "C:\Program Files\PTAutoRun\ST6UNST.LOG"
Lexmark X74-X75 --> C:\WINNT\system32\spool\drivers\w32x86\3\LXBBUN5C.EXE -dLexmark X74-X75
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MAGICISO\UNWISE.EXE C:\PROGRA~1\MAGICISO\INSTALL.LOG
MagicDisc 2.6.85 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
mergeOCR --> MsiExec.exe /I{91897A56-3C56-4F62-8F6B-2E0F2B2E75E0}
Metal Knights 98 --> C:\Program Files\Metal Knights\UnInstall
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Moyea SWF to Video Converter Standard version 2.2.1.0 --> "C:\Program Files\Moyea\SWF to Video Std\unins000.exe"
My Screen Recorder 2.5 --> "C:\Program Files\Deskshare\My Screen Recorder\unins000.exe"
NJStar Chinese WP --> C:\Program Files\NJStar Chinese WP\uninst.exe
nrg2iso --> MsiExec.exe /I{61879398-F35C-4628-AC95-2B84B859FE93}
OCR-TextScan 2 Word 1 --> C:\WINNT\cadkasdeinst01e.exe "C:\Program Files\OCR-TextScan 2 Word 1\"
PC Wizard 2008.1.81 --> "C:\Program Files\PC Wizard 2008\unins000.exe"
Pocket Tanks Deluxe v1.3(Total Uninstall) --> C:\Program Files\Pocket Tanks Deluxe\Uninstall.exe
Pocket Tanks v1.3 --> "C:\Program Files\Pocket Tanks\unins000.exe"
Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
Quick Screen Capture 3.0 --> "C:\Program Files\Quick Screen Capture\unins000.exe"
Screen Recorder Gold --> C:\PROGRA~1\SCREEN~1\UNWISE.EXE C:\PROGRA~1\SCREEN~1\INSTALL.LOG
Silent Hunter II --> C:\WINNT\Silent Hunter II remove.exe remove
SmartUndelete --> "C:\Program Files\SmartUndelete\unins000.exe"
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Warcraft III: All Products --> C:\WINNT\War3Unin.exe C:\WINNT\War3Unin.dat
Windows 2000 (KB904706) å®‰å…¨æ›´æ–° -->
Windows 2000 (KB923689) å®‰å…¨æ›´æ–° --> "C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Windows 2000 (KB941569) å®‰å…¨æ›´æ–° --> "C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Windows 2000 Service Pack 4 --> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows 2000 SP4 æ›´æ–°æ±‡æ€» 1 --> "C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB842773 --> C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows 2000 ä¿®è¡¥ç¨‹åº - KB890046 --> "C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB893756 --> "C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB896358 --> "C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB896422 --> "C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB896423 --> "C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB896424 --> "C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB899587 --> "C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB899589 --> "C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB900725 --> "C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB901017 --> "C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB901214 --> "C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB905414 --> "C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB905749 --> "C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB908519 --> "C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB908523 --> "C:\WINNT\$NtUninstallKB908523$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB908531 --> "C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB911280 --> "C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB912919 --> "C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB913580 --> "C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB914388 --> "C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB914389 --> "C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB917008 --> "C:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB917159 --> "C:\WINNT\$NtUninstallKB917159$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB917422 --> "C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB917537 --> "C:\WINNT\$NtUninstallKB917537$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB917736 --> "C:\WINNT\$NtUninstallKB917736$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB917953 --> "C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB918118 --> "C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB920213 --> "C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB920670 --> "C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB920683 --> "C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB920685 --> "C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB920958 --> "C:\WINNT\$NtUninstallKB920958$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB921398 --> "C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB921503 --> "C:\WINNT\$NtUninstallKB921503$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB921883 --> "C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB922582 --> "C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB922616 --> "C:\WINNT\$NtUninstallKB922616$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB923191 --> "C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB923414 --> "C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB923810 --> "C:\WINNT\$NtUninstallKB923810$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB923980 --> "C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB924191 --> "C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB924270 --> "C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB924667 --> "C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB925902 --> "C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB926122 --> "C:\WINNT\$NtUninstallKB926122$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB926436 --> "C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB927891 --> "C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB928843 --> "C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB930178 --> "C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB931784 --> "C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB932168 --> "C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB933729 --> "C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB935839 --> "C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB935840 --> "C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB936021 --> "C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB937894 --> "C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB938827 --> "C:\WINNT\$NtUninstallKB938827$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åº - KB938829 --> "C:\WINNT\$NtUninstallKB938829$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB905495 --> "C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB911567 --> "C:\WINNT\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB916281 --> "C:\WINNT\$NtUninstallKB916281-IE6SP1-20060526.162249$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB918899 --> "C:\WINNT\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB923694 --> "C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB928090 --> "C:\WINNT\$NtUninstallKB928090-IE6SP1-20070125.120000$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB929969 --> "C:\WINNT\$NtUninstallKB929969-IE6SP1-20061220.120000$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB931768 --> "C:\WINNT\$NtUninstallKB931768-IE6SP1-20070219.120000$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB933566 --> "C:\WINNT\$NtUninstallKB933566-IE6SP1-20070417.120000$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB937143 --> "C:\WINNT\$NtUninstallKB937143-IE6SP1-20070717.120000$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB938127 --> "C:\WINNT\$NtUninstallKB938127-IE6SP1-20070626.120000$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB939653 --> "C:\WINNT\$NtUninstallKB939653-IE6SP1-20070817.120000$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB941202 --> "C:\WINNT\$NtUninstallKB941202-OE6SP1-20070820.120000$\spuninst\spuninst.exe"
Windows 2000 ä¿®è¡¥ç¨‹åºåŒ… - KB942615 --> "C:\WINNT\$NtUninstallKB942615-IE6SP1-20071029.120000$\spuninst\spuninst.exe"
Windows Blaster Worm Removal Tool (KB833330) --> C:\WINNT\$NtUninstallKB833330$\spuninst\spuninst.exe
Windows Media Player (KB911564) å®‰å…¨æ›´æ–° --> "C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Windows Media Player 6.4 (KB925398) å®‰å…¨æ›´æ–° --> "C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Windows Media Player 7.1 (KB917734) å®‰å…¨æ›´æ–° --> "C:\WINNT\$NtUninstallKB917734_WMP7$\spuninst\spuninst.exe"
Windows Media Player 9 (KB911565) å®‰å…¨æ›´æ–° --> "C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Windows Media Player 9 (KB917734) å®‰å…¨æ›´æ–° --> "C:\WINNT\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Windows Media Player 9 (KB936782) å®‰å…¨æ›´æ–° --> "C:\WINNT\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinRescue 2000 --> RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\WNRSQ2KZ.INF, DefaultUninstall.ntx86
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wisdom-soft AutoScreenRecorder 2.1 Pro --> C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
å®‰å…¨æ›´æ–° for DirectX 9 (KB941568) --> "C:\WINNT\$NtUninstallKB941568_DX9$\spuninst\spuninst.exe"
è°·æŒæ‹¼éŸ³è¾“å…¥æ³• --> "C:\Program Files\Google\Google Pinyin\Uninstall.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type363 / Error
Event Submitted/Written: 03/31/2008 03:57:27 PM
Event ID/Source: 4097 / EventSystem
Event Description:
åœ¨å†…éƒ¨å¤„ç†æ—¶ï¼ŒCOM+ Event System æ£€æµ‹åˆ°ä¸€æŸåçš„è¿”å›žä»£ç ï¼ŽHRESULT æ˜¯ä»Ž .\eventsystemobj.cpp çš„è¡Œ 42 çš„ã€€800706BA. è¯·ä¸Ž Microsoft äº§å“æ”¯æŒæœåŠ¡éƒ¨é—¨è”ç³»æŠ¥å‘Šæ¤é—®é¢˜ï¼Ž

Event Record #/Type358 / Error
Event Submitted/Written: 03/30/2008 05:17:15 PM
Event ID/Source: 4097 / EventSystem
Event Description:
åœ¨å†…éƒ¨å¤„ç†æ—¶ï¼ŒCOM+ Event System æ£€æµ‹åˆ°ä¸€æŸåçš„è¿”å›žä»£ç ï¼ŽHRESULT æ˜¯ä»Ž .\eventsystemobj.cpp çš„è¡Œ 42 çš„ã€€800706BA. è¯·ä¸Ž Microsoft äº§å“æ”¯æŒæœåŠ¡éƒ¨é—¨è”ç³»æŠ¥å‘Šæ¤é—®é¢˜ï¼Ž

Event Record #/Type357 / Error
Event Submitted/Written: 03/30/2008 04:59:47 PM
Event ID/Source: 4097 / EventSystem
Event Description:
åœ¨å†…éƒ¨å¤„ç†æ—¶ï¼ŒCOM+ Event System æ£€æµ‹åˆ°ä¸€æŸåçš„è¿”å›žä»£ç ï¼ŽHRESULT æ˜¯ä»Ž .\eventsystemobj.cpp çš„è¡Œ 42 çš„ã€€800706BA. è¯·ä¸Ž Microsoft äº§å“æ”¯æŒæœåŠ¡éƒ¨é—¨è”ç³»æŠ¥å‘Šæ¤é—®é¢˜ï¼Ž

Event Record #/Type356 / Error
Event Submitted/Written: 03/30/2008 04:01:15 PM
Event ID/Source: 4097 / EventSystem
Event Description:
åœ¨å†…éƒ¨å¤„ç†æ—¶ï¼ŒCOM+ Event System æ£€æµ‹åˆ°ä¸€æŸåçš„è¿”å›žä»£ç ï¼ŽHRESULT æ˜¯ä»Ž .\eventsystemobj.cpp çš„è¡Œ 42 çš„ã€€800706BA. è¯·ä¸Ž Microsoft äº§å“æ”¯æŒæœåŠ¡éƒ¨é—¨è”ç³»æŠ¥å‘Šæ¤é—®é¢˜ï¼Ž

Event Record #/Type355 / Warning
Event Submitted/Written: 03/30/2008 03:49:05 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800706BA

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type10900 / Error
Event Submitted/Written: 03/31/2008 04:33:14 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
ä¸Ž Remote Access Connection Manager æœåŠ¡ç›¸ä¾çš„ Telephony æœåŠ¡å› ä¸‹åˆ—é”™è¯¯è€Œæ— æ³•å¯åŠ¨:
%%1068

Event Record #/Type10899 / Error
Event Submitted/Written: 03/31/2008 04:33:14 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
ä¸Ž Telephony æœåŠ¡ç›¸ä¾çš„ Remote Procedure Call (RPC) æœåŠ¡å› ä¸‹åˆ—é”™è¯¯è€Œæ— æ³•å¯åŠ¨:
%%2

Event Record #/Type10898 / Error
Event Submitted/Written: 03/31/2008 04:33:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
ç”±äºŽä¸‹åˆ—é”™è¯¯ï¼ŒRemote Procedure Call (RPC) æœåŠ¡å¯åŠ¨å¤±è´¥:
%%2

Event Record #/Type10896 / Error
Event Submitted/Written: 03/31/2008 04:28:59 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
ä¸Ž Remote Access Connection Manager æœåŠ¡ç›¸ä¾çš„ Telephony æœåŠ¡å› ä¸‹åˆ—é”™è¯¯è€Œæ— æ³•å¯åŠ¨:
%%1068

Event Record #/Type10895 / Error
Event Submitted/Written: 03/31/2008 04:28:58 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
ä¸Ž Telephony æœåŠ¡ç›¸ä¾çš„ Remote Procedure Call (RPC) æœåŠ¡å› ä¸‹åˆ—é”™è¯¯è€Œæ— æ³•å¯åŠ¨:
%%2

-- End of Deckard's System Scanner: finished at 2008-03-31 16:40:27 ------------

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on March 31, 2008, 07:56:57 PM

Quote

Total Physical Memory: 184 MiB (256 MiB recommended).
System Drive C: has 0.59 GiB (less than 15%) free.

Wow, not much room left on C
Uninstall anything you don't need
Afterwards

I suggest running a Repair install on your system
Be forwarned, you have minimum Ram installed
Deckards' only see a max of 256
Which makes me think this is an old comp we're working with
Not sure, can't remember if you even have a CD copy of 2000
But try a Repair install
http://www.windows2000.windowsreinstall.com/Repair/ (http://\"http://www.windows2000.windowsreinstall.com/Repair/\")

Title: Computer messed up!
Post by: waterburn on March 31, 2008, 08:10:23 PM

Hi,

If I follow this will everything be deleted? My files, programs...etc.

Waterburn

Title: Computer messed up!
Post by: guestolo on March 31, 2008, 08:17:50 PM

Backup whatever you can, just in case
But you should be ok with a Repair

Keep in mind, you will have to redo some Windows Updates
Also take note, without a proper Firewall or AV in place, chances are you will get reinfected

I suggest that you download and save, before you do the above
A free firewall
Outpost
http://www.agnitum.com/products/outpostfree/ (http://\"http://www.agnitum.com/products/outpostfree/\")
Or the older version of
Sygate Personal Firewall 5.6.2808
Can be downloaded from here
http://www.oldversion.com/program.php?n=sygate (http://\"http://www.oldversion.com/program.php?n=sygate\")

You choose, but DO NOT go back online without a proper firewall set in place
Or you may be doing this again

Let me know how you make out please

Title: Computer messed up!
Post by: waterburn on April 01, 2008, 03:02:50 PM

Hi,

I can't install firewall 1 since it uses a e-mail for the download link. (E-mails are blank) I can't install firewall 2 since it uses windows installer. (RPC Problem)

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 01, 2008, 06:17:28 PM

Did you try the repair of your operating system already?
That would be the first step

Title: Computer messed up!
Post by: waterburn on April 01, 2008, 07:29:31 PM

Hi,

I tried a repair but with the four windows 2000 floppy boot disks. The problem didn't get fixed but again it acts like I just reinstalled. I don't have right now an actual Windows 2000 professional CD. But I do have it on a virtual drive. Is it possible to start up with the .iso image mounted onto the virtual drive?

Waterburn

Title: Computer messed up!
Post by: guestolo on April 01, 2008, 07:57:40 PM

I haven't tested this out myself, so ensure to backup data
You could try to mount the image and try an in-place upgrade
Run Winnt32.exe from the I386 folder

Title: Computer messed up!
Post by: waterburn on April 02, 2008, 02:53:58 PM

Hi,

Your plan worked until it started restarting and then setup continued during boot. During boot it needed the Windows 2000 CD again. But there is a file on drive C:\ called $WIN_NT$.~BT with the boot files (I think)

Waterburn

Title: Computer messed up!
Post by: waterburn on April 02, 2008, 04:51:29 PM

Hi,

I am also wondering if you can somehow change the source of where the windows 2000 files/windows 2000 CD is on the bootable floppies. Because you can for Windows NT by editing a certain file. Remember I do have the windows 2000 CD files but not the actual CD.

Thanks!

Waterburn

Title: Computer messed up!
Post by: waterburn on April 03, 2008, 08:28:55 PM

Hi,

I managed to get the Windows 2000 Professional CD. I did a full repair and all the problems were fixed! The RPC, Windows Installer and Print Spooler services were started! I did a few updates and installed the sygate firewall as you suggested. Now I am reinstalling my printer. But there are MORE problems! Here they are:

1)The low memory message keeps poping up at the start even though I have plenty of availible RAM from task manager

2)The colors sometimes change after starting (boxes,windows)

3)The computer restarts after a certain amount of time by itself

Thanks so much!!

Waterburn

Title: Computer messed up!
Post by: waterburn on April 03, 2008, 09:26:41 PM

Hi,

The printer is sucessfully installed. Now I am looking further into the restart problem. The monitors turns black and the next second you notice your starting up again. I wouldn't say it restarts at totally random times, you could almost say it restarts every 10 minutes or so. I checked the system event logs and here are some of the entries I found close to the restart time with a red 'X'

ç”±äºŽä¸‹åˆ—é”™è¯¯ï¼ŒRemote Procedure Call (RPC) æœåŠ¡å¯åŠ¨å¤±è´¥:
The system cannot find the file specified.

ä¸Ž Print Spooler æœåŠ¡ç›¸ä¾çš„ Remote Procedure Call (RPC) æœåŠ¡å› ä¸‹åˆ—é”™è¯¯è€Œæ— æ³•å¯åŠ¨:
The system cannot find the file specified.

ä¸Ž LexBce Server æœåŠ¡ç›¸ä¾çš„ Remote Procedure Call (RPC) æœåŠ¡å› ä¸‹åˆ—é”™è¯¯è€Œæ— æ³•å¯åŠ¨:
The system cannot find the file specified.

ä¸Ž Automatic LiveUpdate Scheduler æœåŠ¡ç›¸ä¾çš„ Remote Procedure Call (RPC) æœåŠ¡å› ä¸‹åˆ—é”™è¯¯è€Œæ— æ³•å¯åŠ¨:
The system cannot find the file specified.

ä¸Ž Background Intelligent Transfer Service æœåŠ¡ç›¸ä¾çš„ Remote Procedure Call (RPC) æœåŠ¡å› ä¸‹åˆ—é”™è¯¯è€Œæ— æ³•å¯åŠ¨:
The system cannot find the file specified.

ä¸Ž Logical Disk Manager æœåŠ¡ç›¸ä¾çš„ Remote Procedure Call (RPC) æœåŠ¡å› ä¸‹åˆ—é”™è¯¯è€Œæ— æ³•å¯åŠ¨:
The system cannot find the file specified.

ä¸Ž COM+ Event System æœåŠ¡ç›¸ä¾çš„ Remote Procedure Call (RPC) æœåŠ¡å› ä¸‹åˆ—é”™è¯¯è€Œæ— æ³•å¯åŠ¨:
The system cannot find the file specified.

It seems to all be pointing at Remote Procedure Call (RPC) And I thought everything was fixed!

The RPC thing is pretty annoying!

Everything else is fine, but restarting every 5 minutes isn't very helpful!

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 03, 2008, 10:59:36 PM

Can I see a fresh hijackthis log?

Also, are you sure the computer is not overheating, when was the last time you cleaned the inside of the computer out of dust, etc..?

Title: Computer messed up!
Post by: waterburn on April 04, 2008, 08:24:27 AM

Hi,

Since the computer keeps on restarting, I went to safe mode with networking. It seems to never restart here. This could mean it is not a hardware but a software problem. If you want me to do anything in Normal mode, I can do it except it better be quick before it restarts. I rechecked the system event logs and I found that the entries I posted were from before things were fixed. Here are the logs for after things were fixed:

1) IP æ— æ³•æ‰“å¼€é€‚é…å™¨ TCPIP\Parameters\Adapters\NDISWANIP çš„æ³¨å†Œè¡¨é¡¹ã€‚ æœ¬é€‚é…å™¨ä¸Šçš„ç•Œé¢ä¸ä¼šåˆå§‹åŒ–ã€‚

2) Remote Access Connection Manager æœåŠ¡å› ä¸‹åˆ—é”™è¯¯è€Œåœæ¢:
Access is denied.

3)Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.

There is like about 100 more entries with red a 'X' but they are a repetition of the last two messages.

*REMEMBER* Everything else is fixed so I can copy and post... all that. This means I can go back to previous posts and do things i couldn't do. Eg. Online Kaspersky Scan... etc. By the way I am doing Online Kaspersky scan right now. Looks like it will take a long time.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:57 AM, on 04/04/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunOnce: [LexInstall] C:\WINNT\System32\spool\DRIVERS\W32X86\3\lexgo.exe LXBBPSWX.EXE /F=Lexmark X74-X75 /T=400
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\.DEFAULT\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java ????Ã¬Â¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (http://\"http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab\")
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab\")
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab (http://\"http://downloads.ewido.net/ewidoOnlineScan.cab\")
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab (http://\"http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab\")
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab (http://\"http://www.worldwinner.com/games/v50/pool/pool.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab\")
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab (http://\"http://www.worldwinner.com/games/v57/bjattack/bja.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (http://\"http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab\")
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab (http://\"http://www.worldwinner.com/games/v41/freecell/freecell.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab (http://\"http://ca.com/us/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (http://\"http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab (http://\"http://www.worldwinner.com/games/v46/sol/sol.cab\")
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab (http://\"http://www.worldwinner.com/games/v41/hangman/hangman.cab\")
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (http://\"http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe\")
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (http://\"http://www.worldwinner.com/games/v47/wwspades/wwspades.cab\")
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab (http://\"http://driveragent.com/files/driveragent.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6041 bytes

Thanks!

Waterburn

Title: Computer messed up!
Post by: waterburn on April 04, 2008, 09:18:19 AM

Hi,

Now I am starting to notice problems in Internet Explorer. While going on some sites, an error message shows up saying iexplore.exe has generated errors and will be closed by windows. You will need to restart the program. An error log is being created. The Internet window is then closed. Sometimes another message pops up also saying Internet Explorer needs to be restarted. Here's an image of the error message: http://support.microsoft.com/library/image...rtingDialog.gif (http://\"http://support.microsoft.com/library/images/support/kbgraphics/public/EN-US/IE5x_NewErrorReportingDialog.gif\") And also a lot of the times you see a little yellow triangle with a '!' in it at the bottom left hand corner. Beside the symbol there is sometimes words that say 'Done, but with errors on page.' This is for almost every site. I recently, after the restore, updated Internet Explorer 5 -> Internet Explorer 6 SP1. I can't update to IE 7 since it is for XP. Another thing is I can't use Microsoft Update.

"Problems are fixed but more appear"

Thanks!

Waterburn

Title: Computer messed up!
Post by: waterburn on April 04, 2008, 05:15:31 PM

Hi,

Here's the Kaspersky Online Scan Report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 04, 2008 6:34:49 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/04/2008
Kaspersky Anti-Virus database records: 681582
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\
   G:\

Scan Statistics:
   Total number of scanned objects: 41837
   Number of viruses found: 2
   Number of infected objects: 4
   Number of suspicious objects: 0
   Duration of the scan process: 03:27:04

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\ntuser.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Local Settings\History\History.IE5\MSHist012008040420080405\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Local Settings\Temporary Internet Files\Content.IE5\TU2XI24O\index[1].htm   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\catchme.zip/kdgcl.exe   Infected: Trojan.Win32.DNSChanger.iu   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\catchme.zip   ZIP: infected - 1   skipped
C:\WINNT\system32\config\software.LOG   Object is locked   skipped
C:\WINNT\system32\config\default.LOG   Object is locked   skipped
C:\WINNT\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINNT\system32\config\SYSTEM.ALT   Object is locked   skipped
C:\WINNT\system32\config\SAM.LOG   Object is locked   skipped
C:\WINNT\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINNT\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINNT\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINNT\system32\config\SECURITY   Object is locked   skipped
C:\WINNT\system32\config\SOFTWARE   Object is locked   skipped
C:\WINNT\system32\config\SYSTEM   Object is locked   skipped
C:\WINNT\system32\config\DEFAULT   Object is locked   skipped
C:\WINNT\system32\config\SAM   Object is locked   skipped
C:\WINNT\system32\drivers\sptd.sys   Object is locked   skipped
C:\WINNT\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINNT\CSC\00000001   Object is locked   skipped
C:\SDFix\backups\backups.zip/backups/AutoUpdateWin32.exe   Infected: not-a-virus:AdWare.Win32.Agent.ed   skipped
C:\SDFix\backups\backups.zip   ZIP: infected - 1   skipped
E:\Zoo Tycoon Complete Collection\rzr-ztcc2.bin   Object is locked   skipped

Scan process completed.

*Don't forget to check the above posts.*

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 04, 2008, 09:04:28 PM

Can you do the following, I still see a service(s) running that does not look right

Download and save to desktop
getservices.zip (http://\"http://download.bleepingcomputer.com/spyware/getservices.zip\")
Extract the folder within to your desktop

Open the folder and double click on getservice.bat
Post the contents of the log that opens

Title: Computer messed up!
Post by: waterburn on April 04, 2008, 09:27:26 PM

Hi,

Here is the log:

PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
é€šçŸ¥æ‰€é€‰ç”¨æˆ·å’Œè®¡ç®—æœºæœ‰å…³ç³»ç»Ÿç®¡ç†çº§è¦æŠ¥ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 4 DISABLED
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\services.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Alerter
   DEPENDENCIES    : LanmanWorkstation
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AppMgmt
æä¾›è½¯ä»¶å®‰è£…æœåŠ¡ï¼Œè¯¸å¦‚åˆ†æ´¾ï¼Œå‘è¡Œä»¥åŠåˆ é™¤ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Application Management
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Automatic LiveUpdate Scheduler
Manages the scheduling of Automatic LiveUpdate sessions
   TYPE       : 10 WIN32_OWN_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Automatic LiveUpdate Scheduler
   DEPENDENCIES    : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AVG Anti-Spyware Guard
(null)
   TYPE       : 10 WIN32_OWN_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : AVG Anti-Spyware Guard
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
ç”¨é—²ç½®ç½‘ç»œå¸¦å®½åœ¨åŽå°ä¼ è¾“æ–‡ä»¶ã€‚å¦‚æžœæ¤æœåŠ¡è¢«ç¦ç”¨ï¼Œé‚£ä¹ˆä»
»ä½•ä¾èµ–äºŽ BITS çš„åŠŸèƒ½ï¼Œä¾‹å¦‚ Windows Update æˆ– MSN Explorerï¼Œéƒ½å°†ä¸èƒ½è‡ªåŠ¨ä¸‹è½½ç¨‹åºå’Œå…¶å®ƒä¿¡æ¯ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k BITSgroup
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Background Intelligent Transfer Service
   DEPENDENCIES    : Rpcss
          : SENS
          : Wmi
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Browser
ç»´æŠ¤ç½‘ç»œä¸Šè®¡ç®—æœºçš„æœ€æ–°åˆ—è¡¨ä»¥åŠæä¾›è¿™ä¸ªåˆ—è¡¨ç»™è¯·æ±‚çš„ç¨‹åº
ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Computer Browser
   DEPENDENCIES    : LanmanWorkstation
          : LanmanServer
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: cisvc
(null)
   TYPE       : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\cisvc.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Indexing Service
   DEPENDENCIES    : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
æ”¯æŒâ€œå‰ªè´´ç°¿æŸ¥çœ‹å™¨â€ï¼Œä»¥ä¾¿å¯ä»¥ä»Žè¿œç¨‹å‰ªè´´ç°¿æŸ¥é˜…å‰ªè´´é¡µé
¢ã€‚
   TYPE       : 10 WIN32_OWN_PROCESS
   START_TYPE    : 4 DISABLED
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\clipsrv.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : ClipBook
   DEPENDENCIES    : NetDDE
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
é€šè¿‡æ³¨å†Œå’Œæ›´æ”¹ IP åœ°å€ä»¥åŠ DNS åç§°æ¥ç®¡ç†ç½‘ç»œé…ç½®ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\services.exe
   LOAD_ORDER_GROUP : TDI
   TAG       : 0
   DISPLAY_NAME    : DHCP Client
   DEPENDENCIES    : Tcpip
          : Afd
          : NetBT
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
ç£ç›˜ç®¡ç†è¯·æ±‚çš„ç³»ç»Ÿç®¡ç†æœåŠ¡
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\dmadmin.exe /com
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Logical Disk Manager Administrative Service
   DEPENDENCIES    : RpcSs
          : PlugPlay
          : DmServer
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
é€»è¾‘ç£ç›˜ç®¡ç†å™¨ç›‘è§†ç‹—æœåŠ¡
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Logical Disk Manager
   DEPENDENCIES    : RpcSs
          : PlugPlay
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
è§£æžå’Œç¼“å†²åŸŸåç³»ç»Ÿ (DNS) åç§°ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\services.exe
   LOAD_ORDER_GROUP : TDI
   TAG       : 0
   DISPLAY_NAME    : DNS Client
   DEPENDENCIES    : Tcpip
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
è®°å½•ç¨‹åºå’Œ Windows å‘é€çš„äº‹ä»¶æ¶ˆæ¯ã€‚äº‹ä»¶æ—¥å¿—åŒ…å«å¯¹è¯Šæ–é—®é¢˜æœ‰æ‰€å¸®åŠ©çš„ä¿¡æ¯ã€
‚æ‚¨å¯ä»¥åœ¨â€œäº‹ä»¶æŸ¥çœ‹å™¨â€ä¸æŸ¥çœ‹æŠ¥å‘Šã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP : Event log
   TAG       : 0
   DISPLAY_NAME    : Event Log
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
æä¾›äº‹ä»¶çš„è‡ªåŠ¨å‘å¸ƒåˆ°è®¢é˜… COM ç»„ä»¶ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP : Network
   TAG       : 0
   DISPLAY_NAME    : COM+ Event System
   DEPENDENCIES    : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Fax
å¸®åŠ©æ‚¨å‘é€å’ŒæŽ¥æ”¶ä¼ çœŸ
   TYPE       : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\faxsvc.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Fax Service
   DEPENDENCIES    : TapiSrv
          : RpcSs
          : PlugPlay
          : Spooler
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: IDriverT
Provides support for the Running Object Table for InstallShield Drivers
   TYPE       : 10 WIN32_OWN_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 0 IGNORE
   BINARY_PATH_NAME : "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : InstallDriver Table Manager
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
æä¾› RPC æ”¯æŒã€æ–‡ä»¶ã€æ‰“å°ä»¥åŠå‘½åç®¡é“å…±äº«ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\services.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Server
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
æä¾›ç½‘ç»œé“¾ç»“å’Œé€šè®¯ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\services.exe
   LOAD_ORDER_GROUP : NetworkProvider
   TAG       : 0
   DISPLAY_NAME    : Workstation
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LexBceS
(null)
   TYPE       : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\LEXBCES.EXE
   LOAD_ORDER_GROUP : SpoolerGroup
   TAG       : 0
   DISPLAY_NAME    : LexBce Server
   DEPENDENCIES    : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LiveUpdate
LiveUpdate Core Engine
   TYPE       : 10 WIN32_OWN_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : LiveUpdate
   DEPENDENCIES    : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
å…è®¸å¯¹â€œTCP/IP ä¸Š NetBIOS (NetBT)â€æœåŠ¡ä»¥åŠ NetBIOS åç§°è§£æžçš„æ”¯æŒã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP : TDI
   TAG       : 0
   DISPLAY_NAME    : TCP/IP NetBIOS Helper Service
   DEPENDENCIES    : NetBT
          : Afd
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Messenger
å‘é€å’ŒæŽ¥æ”¶ç³»ç»Ÿç®¡ç†å‘˜æˆ–è€…â€œè¦æŠ¥å™¨â€æœåŠ¡ä¼ é€’çš„æ¶ˆæ¯ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 4 DISABLED
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Messenger
   DEPENDENCIES    : LanmanWorkstation
          : NetBIOS
          : RpcSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
å…è®¸æœ‰æƒé™çš„ç”¨æˆ·ä½¿ç”¨ NetMeeting è¿œç¨‹è®¿é—® Windows æ¡Œé¢ã€‚
   TYPE       : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 4 DISABLED
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\mnmsrvc.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : NetMeeting Remote Desktop Sharing
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
å¹¶åˆ—äº‹åŠ¡ï¼Œæ˜¯åˆ†å¸ƒäºŽä¸¤ä¸ªä»¥ä¸Šçš„æ•°æ®åº“ï¼Œæ¶ˆæ¯é˜Ÿåˆ—ï¼Œæ–‡ä»¶ç³»ç»
Ÿï¼Œæˆ–å…¶å®ƒäº‹åŠ¡ä¿æŠ¤èµ„æºç®¡ç†å™¨ã€‚
   TYPE       : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\msdtc.exe
   LOAD_ORDER_GROUP : MS Transactions
   TAG       : 0
   DISPLAY_NAME    : Distributed Transaction Coordinator
   DEPENDENCIES    : RPCSS
          : SamSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSIServer
Installs, repairs and removes software according to instructions contained in .MSI files.
   TYPE       : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\MsiExec.exe /V
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Windows Installer
   DEPENDENCIES    : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
æä¾›åŠ¨æ€æ•°æ®äº¤æ¢ (DDE) çš„ç½‘ç»œä¼ è¾“å’Œå®‰å…¨ç‰¹æ€§ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 4 DISABLED
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\netdde.exe
   LOAD_ORDER_GROUP : NetDDEGroup
   TAG       : 0
   DISPLAY_NAME    : Network DDE
   DEPENDENCIES    : NetDDEDSDM
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
ç®¡ç†ç½‘ç»œ DDE çš„å…±äº«åŠ¨æ€æ•°æ®äº¤æ¢
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 4 DISABLED
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\netdde.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Network DDE DSDM
   DEPENDENCIES    :
          : EGrLocalSystem
          : Network DDE DSDM
          : etwork DDE
          : ted Transaction Coordinator
          : river Table Manar
          :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
æ”¯æŒç½‘ç»œä¸Šè®¡ç®—æœº pass-through å¸æˆ·ç™»å½•èº«ä»½éªŒè¯äº‹ä»¶ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\lsass.exe
   LOAD_ORDER_GROUP : RemoteValidation
   TAG       : 0
   DISPLAY_NAME    : Net Logon
   DEPENDENCIES    : LanmanWorkstation
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
ç®¡ç†â€œç½‘ç»œå’Œæ‹¨å·è¿žæŽ¥â€æ–‡ä»¶å¤¹ä¸å¯¹è±¡ï¼Œåœ¨å…¶ä¸æ‚¨å¯ä»¥æŸ¥çœ‹å±
€åŸŸç½‘å’Œè¿œç¨‹è¿žæŽ¥ã€‚
   TYPE       : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Network Connections
   DEPENDENCIES    : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
ä¸ºä½¿ç”¨ä¼ è¾“åè®®è€Œä¸æ˜¯å‘½åç®¡é“çš„è¿œç¨‹è¿‡ç¨‹è°ƒç”¨(RPC)ç¨‹åºæä¾›
å®‰å…¨æœºåˆ¶ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 4 DISABLED
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : NT LM Security Support Provider
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
ç®¡ç†å¯ç§»åŠ¨åª’ä½“ã€é©±åŠ¨ç¨‹åºå’Œåº“ã€‚
   TYPE       : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Removable Storage
   DEPENDENCIES    : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
ç®¡ç†è®¾å¤‡å®‰è£…ä»¥åŠé…ç½®ï¼Œå¹¶ä¸”é€šçŸ¥ç¨‹åºå…³äºŽè®¾å¤‡æ›´æ”¹çš„æƒ…å†µã€
‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP : PlugPlay
   TAG       : 0
   DISPLAY_NAME    : Plug and Play
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
ç®¡ç† IP å®‰å…¨ç–ç•¥ä»¥åŠå¯åŠ¨ ISAKMP/Oakley (IKE) å’Œ IP å®‰å…¨é©±åŠ¨ç¨‹åºã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\lsass.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : IPSEC Policy Agent
   DEPENDENCIES    : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Prime95 Service
GIMPS client to find large prime numbers
   TYPE       : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\Program Files\Prime95\Prime95.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Prime95 Service
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
æä¾›å¯¹æ•æ„Ÿæ•°æ®(å¦‚ç§é’¥)çš„ä¿æŠ¤æ€§å˜å‚¨ï¼Œä»¥ä¾¿é˜²æ¢æœªæŽˆæƒçš„æœ
åŠ¡ï¼Œè¿‡ç¨‹æˆ–ç”¨æˆ·å¯¹å…¶çš„éžæ³•è®¿é—®ã€‚
   TYPE       : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Protected Storage
   DEPENDENCIES    : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
æ— è®ºä»€ä¹ˆæ—¶å€™å½“æŸä¸ªç¨‹åºå¼•ç”¨ä¸€ä¸ªè¿œç¨‹ DNS æˆ– NetBIOS åæˆ–è€…åœ°å€å°±åˆ›å»ºä¸€ä¸ªåˆ°è¿œç¨‹ç½‘ç»œçš„è¿žæŽ¥ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 0 IGNORE
   BINARY_PATH_NAME : C:\WINNT\systom32\svchost.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Remote Access Auto Connection Manager
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
åˆ›å»ºç½‘ç»œè¿žæŽ¥ã€‚
   TYPE       : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Remote Access Connection Manager
   DEPENDENCIES    : Tapisrv
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
åœ¨å±€åŸŸç½‘ä»¥åŠå¹¿åŸŸç½‘çŽ¯å¢ƒä¸ä¸ºä¼ä¸šæä¾›è·¯ç”±æœåŠ¡ã€‚
   TYPE       : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 4 DISABLED
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Routing and Remote Access
   DEPENDENCIES    : RpcSS
          : +NetBIOSGroup
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
å…è®¸è¿œç¨‹æ³¨å†Œè¡¨æ“ä½œã€‚
   TYPE       : 10 WIN32_OWN_PROCESS
   START_TYPE    : 4 DISABLED
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\regsvc.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Remote Registry Service
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 0 seconds
   FAILURE_ACTIONS    : Restart   DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
ç®¡ç† RPC åç§°æœåŠ¡æ•°æ®åº“ã€‚
   TYPE       : 10 WIN32_OWN_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\locator.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Remote Procedure Call (RPC) Locator
   DEPENDENCIES    : LanmanWorkstation
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\svchost -k rpcss
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Remote Procedure Call (RPC)
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RPCT
Manages local network connections.
   TYPE       : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 0 IGNORE
   BINARY_PATH_NAME : C:\Program Files\NetMeeting\mstinit.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Remote Procedure Call (TPM)
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RSVP
ä¸ºä¾èµ–è´¨é‡æœåŠ¡(QoS)çš„ç¨‹åºå’ŒæŽ§åˆ¶åº”ç”¨ç¨‹åºæä¾›ç½‘ç»œä¿¡å·å’Œæœ¬
åœ°é€šä¿¡æŽ§åˆ¶å®‰è£…åŠŸèƒ½ã€‚
   TYPE       : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\rsvp.exe -s
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : QoS RSVP
   DEPENDENCIES    : TcpIp
          : Afd
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
å˜å‚¨æœ¬åœ°ç”¨æˆ·å¸æˆ·çš„å®‰å…¨ä¿¡æ¯ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\lsass.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Security Accounts Manager
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardDrv
æä¾›å¯¹è¿žæŽ¥åˆ°è®¡ç®—æœºä¸Šæ—§å¼æ™ºèƒ½å¡çš„æ”¯æŒã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 0 IGNORE
   BINARY_PATH_NAME : C:\WINNT\System32\SCardSvr.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Smart Card Helper
   DEPENDENCIES    : +Smart Card Reader
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
å¯¹æ’å…¥åœ¨è®¡ç®—æœºæ™ºèƒ½å¡é˜…è¯»å™¨ä¸çš„æ™ºèƒ½å¡è¿›è¡Œç®¡ç†å’Œè®¿é—®æŽ§åˆ
¶ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 0 IGNORE
   BINARY_PATH_NAME : C:\WINNT\System32\SCardSvr.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Smart Card
   DEPENDENCIES    : PlugPlay
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Schedule
å…è®¸ç¨‹åºåœ¨æŒ‡å®šæ—¶é—´è¿è¡Œã€‚
   TYPE       : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Task Scheduler
   DEPENDENCIES    : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
åœ¨ä¸åŒå‡æ®ä¸‹å¯ç”¨å¯åŠ¨è¿‡ç¨‹
   TYPE       : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 0 IGNORE
   BINARY_PATH_NAME : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : RunAs Service
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
è·Ÿè¸ªç³»ç»Ÿäº‹ä»¶ï¼Œå¦‚ç™»å½• Windowsï¼Œç½‘ç»œä»¥åŠç”µæºäº‹ä»¶ç‰ã€‚å°†è¿™äº›äº‹ä»¶é€šçŸ¥ç»™ COM+ äº‹ä»¶ç³»ç»Ÿ â€œè®¢é˜…è€…(subscriber)â€ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP : Network
   TAG       : 0
   DISPLAY_NAME    : System Event Notification
   DEPENDENCIES    : EventSystem
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
ä¸ºé€šè¿‡æ‹¨å·ç½‘ç»œè¿žæŽ¥çš„å®¶åºç½‘ç»œä¸æ‰€æœ‰è®¡ç®—æœºæä¾›ç½‘ç»œåœ°å€è½
¬æ¢ã€å®šå€ä»¥åŠåç§°è§£æžæœåŠ¡ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Internet Connection Sharing
   DEPENDENCIES    : RasMan
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SmcService
(null)
   TYPE       : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\Program Files\Sygate\SPF\smc.exe
   LOAD_ORDER_GROUP : NDIS
   TAG       : 0
   DISPLAY_NAME    : Sygate Personal Firewall
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
å°†æ–‡ä»¶åŠ è½½åˆ°å†…å˜ä¸ä»¥ä¾¿è¿ŸåŽæ‰“å°ã€‚
   TYPE       : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\spoolsv.exe
   LOAD_ORDER_GROUP : SpoolerGroup
   TAG       : 0
   DISPLAY_NAME    : Print Spooler
   DEPENDENCIES    : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: StiSvc
(null)
   TYPE       : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\stisvc.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Still Image Service
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
é…ç½®æ€§èƒ½æ—¥å¿—å’Œè¦æŠ¥ã€‚
   TYPE       : 10 WIN32_OWN_PROCESS
   START_TYPE    : 4 DISABLED
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\smlogsvc.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Performance Logs and Alerts
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TapiSrv
æä¾› TAPI çš„æ”¯æŒï¼Œä»¥ä¾¿ç¨‹åºæŽ§åˆ¶æœ¬åœ°è®¡ç®—æœºï¼ŒæœåŠ¡å™¨ä»¥åŠ LAN ä¸Šçš„ç”µè¯è®¾å¤‡å’ŒåŸºäºŽ IP çš„è¯éŸ³è¿žæŽ¥ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Telephony
   DEPENDENCIES    : PlugPlay
          : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TlntSvr
å…è®¸è¿œç¨‹ç”¨æˆ·ç™»å½•åˆ°ç³»ç»Ÿå¹¶ä¸”ä½¿ç”¨å‘½ä»¤è¡Œè¿è¡ŒæŽ§åˆ¶å°ç¨‹åºã€‚
   TYPE       : 10 WIN32_OWN_PROCESS
   START_TYPE    : 4 DISABLED
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\tlntsvr.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Telnet
   DEPENDENCIES    : RpcSs
          : TcpIp
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
å½“æ–‡ä»¶åœ¨ç½‘ç»œåŸŸçš„ NTFS å·ä¸ç§»åŠ¨æ—¶å‘é€é€šçŸ¥ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Distributed Link Tracking Client
   DEPENDENCIES    : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UPS
ç®¡ç†è¿žæŽ¥åˆ°è®¡ç®—æœºçš„ä¸é—´æ–ç”µæº(UPS)ã€‚
   TYPE       : 10 WIN32_OWN_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\ups.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Uninterruptible Power Supply
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UtilMan
ä»Žä¸€ä¸ªçª—å£ä¸å¯åŠ¨å’Œé…ç½®è¾…åŠ©å·¥å…·
   TYPE       : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\UtilMan.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Utility Manager
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
è®¾ç½®è®¡ç®—æœºæ—¶é’Ÿã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Windows Time
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WinMgmt
æä¾›ç³»ç»Ÿç®¡ç†ä¿¡æ¯ã€‚
   TYPE       : 10 WIN32_OWN_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 0 IGNORE
   BINARY_PATH_NAME : C:\WINNT\System32\WBEM\WinMgmt.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Windows Management Instrumentation
   DEPENDENCIES    : RPCSS
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 86400 seconds
   FAILURE_ACTIONS    : Restart   DELAY: 60000 seconds
          : Restart   DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 4 DISABLED
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Portable Media Serial Number Service
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
ä¸Žé©±åŠ¨ç¨‹åºé—´äº¤æ¢ç³»ç»Ÿç®¡ç†ä¿¡æ¯ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\Services.exe
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : Windows Management Instrumentation Driver Extensions
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
å¯ç”¨ä¸‹è½½å’Œå®‰è£… Windows æ›´æ–°ã€‚å¦‚æžœæ¤æœåŠ¡è¢«ç¦ç”¨ï¼Œè¿™å°è®¡ç®—æœºå°†æ— æ³•ä½¿ç”¨â€œè‡ªåŠ¨æ›´æ–
°â€åŠŸèƒ½å’Œ Windows Update ç½‘ç«™ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 2 AUTO_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k wugroup
   LOAD_ORDER_GROUP :
   TAG       : 0
   DISPLAY_NAME    : è‡ªåŠ¨æ›´æ–°
   DEPENDENCIES    :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
ä½¿ç”¨ IEEE 802.1x ä¸ºæœ‰çº¿å’Œæ— çº¿ä»¥å¤ªç½‘ç»œæä¾›èº«ä»½éªŒè¯çš„ç½‘ç»œè®¿é—®æŽ§åˆ¶ã€‚
   TYPE       : 20 WIN32_SHARE_PROCESS
   START_TYPE    : 3 DEMAND_START
   ERROR_CONTROL    : 1 NORMAL
   BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP : TDI
   TAG       : 0
   DISPLAY_NAME    : Wireless Configuration
   DEPENDENCIES    : RpcSs
          : Ndisuio
          : ProtectedStorage
          : WMI
   SERVICE_START_NAME: LocalSystem

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 04, 2008, 10:42:13 PM

Can you download the ZIP file I attached to desktop
Then Unzip the contents to desktop
Double click on find_stuff.bat

A folder called Files will be produced on desktop
Open it and copy>>paste back here the contents of look1.txt

Title: Computer messed up!
Post by: waterburn on April 05, 2008, 08:44:28 AM

Hi,

Only one file was extracted from the zip. The file had no extension. So I tried changing its name to .bat but only a black box with (I believe) its location. I couldn't open the zip file for some reason.

Waterburn

Title: Computer messed up!
Post by: guestolo on April 05, 2008, 11:12:58 AM

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy ALL the BLUE text below
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as find_stuff.bat

Save this file on the desktop
Then follow my instructions earlier to run and post the log

[color=\"#0000FF\"]If not Exist files MkDir Files

echo doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs >files\ok1.txt

regedit /a files\ok1.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs"

echo doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto >files\ok2.txt

regedit /a files\ok2.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto"

echo doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPM >files\ok3.txt

regedit /a files\ok3.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPM"

echo doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCT >files\ok4.txt

regedit /a files\ok4.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCT"

cd files

copy *.txt = look.txt

del ok*.txt

Echo REGEDIT4 > compare.txt

Type look.txt | find /v /i "REGEDIT4" >> compare.txt
Type compare.txt | find /i "doesn't exist " >> compare2.txt
Type compare.txt | find /v /i "doesn't exist" >> compare1.txt

Echo ----------------------- >compare3.txt
Echo ----------------------- >> compare3.txt

del compare.txt

Copy compare2.txt + compare3.txt + compare1.txt = look1.txt

del look.txt
del compare2.txt
del compare1.txt
del compare3.txt[/color]

Title: Computer messed up!
Post by: waterburn on April 05, 2008, 12:30:03 PM

Hi,

I had to do another system restore. A message popped up before log in that had three words in English, the rest in Chinese: Services.exe, IsWellKnownSid, ADVAPI32.dll. Then after pressing 'OK' for that message, another message popped up with three things in English: NT AUTHORITY\SYSTEM, 1 minute count down untill shut down and C:\WINNT\system32\services.exe. The message was similar to this one http://www.pchell.com/images/sasser2.gif (http://\"http://www.pchell.com/images/sasser2.gif\") except the process was different and I think the message was different. Then in 1 minute the system restarted.

Here's the log:

doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPM
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,20,2d,6b,20,72,70,63,73,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,72,70,63,73,73,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,6f,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,00
"DisplayName"="Remote Access Auto Connection Manager"
"ObjectName"="LocalSystem"
"Description"="????????????????? DNS ? NetBIOS ???????????????????"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto\Enum]
"0"="Root\\LEGACY_RASAUTO\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCT]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,4e,65,74,\
4d,65,65,74,69,6e,67,5c,6d,73,74,69,6e,69,74,2e,65,78,65,00
"DisplayName"="Remote Procedure Call (TPM)"
"ObjectName"="LocalSystem"
"Description"="Manages local network connections."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCT\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,65,00,74,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,00,00,00,00,00,18,00,8d,01,02,00,01,01,00,00,00,\
00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\
00,05,20,00,00,00,23,02,00,00,00,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCT\Enum]
"0"="Root\\LEGACY_RPCT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

*NOTE* The Internet crashes on certain sites. Also the buttons for posting in this forum is back. The attaching, font, color, smiley faces...etc. buttons are back. Before there was only a box for typing and post icons.

I have to type fast before it restarts again!

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 05, 2008, 12:57:00 PM

When you restart the computer
What happens when you go to START>>RUN..
Type in cmd
Hit OK

Then type
SHUTDOWN /A

Notice the space after the N but before the /

Hit ENTER
Does this disable shutdown
You may not have the Resource kit installed, so it may not work
But if it does, we can go from there

NOTE: you must try and refrain from running in Safe mode with Networking if possible
An applied patch and no firewall running will keep you reinfected

Title: Computer messed up!
Post by: guestolo on April 05, 2008, 01:17:39 PM

I have to leave for awhile
If possible, download the following

You need to patch this computer from Microsoft
Download the patch from here and save to desktop

Here's a direct link
Click HERE (http://\"http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=0692c27e-f63a-414c-b3eb-d2342fbb6c00&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2ff%2fa%2fa%2ffaa796aa-399d-437a-9284-c3536e9f2e6e%2fWindows2000-KB835732-x86-ENU.EXE\")

Next:
Download Stinger from McAfee (http://\"http://download.nai.com/products/mcafee-avert/stng380.exe\")
Again save to desktop

If you don't have enough time to download those 2
Use another computer and transfer them to this one

Reboot to Safe mode ONLY
Run the applied patch from Microsoft
Then run Stinger

Reboot back to Normal Windows and post a fresh Hijackthis log

Title: Computer messed up!
Post by: waterburn on April 05, 2008, 04:40:58 PM

Hi,

Here's the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:53 PM, on 05/04/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\faxsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\mobsync.exe
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\ã€Œå¼€å§‹ã€èœå•\ç¨‹åº\å¯åŠ¨\bittorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\.DEFAULT\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java ????Ã¬Â¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (http://\"http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab\")
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab\")
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab (http://\"http://downloads.ewido.net/ewidoOnlineScan.cab\")
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab (http://\"http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab\")
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab (http://\"http://www.worldwinner.com/games/v50/pool/pool.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab\")
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab (http://\"http://www.worldwinner.com/games/v57/bjattack/bja.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (http://\"http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab\")
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab (http://\"http://www.worldwinner.com/games/v41/freecell/freecell.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab (http://\"http://ca.com/us/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (http://\"http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab (http://\"http://www.worldwinner.com/games/v46/sol/sol.cab\")
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab (http://\"http://www.worldwinner.com/games/v41/hangman/hangman.cab\")
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (http://\"http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe\")
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (http://\"http://www.worldwinner.com/games/v47/wwspades/wwspades.cab\")
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab (http://\"http://driveragent.com/files/driveragent.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6453 bytes

Waterburn

Title: Computer messed up!
Post by: guestolo on April 06, 2008, 12:39:52 AM

Can you do the following for me
Do a "System scan only" with Hijackthis and put a check next to these entries:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Back in windows

Delete your version of Combofix on desktop
REDownload this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the new log from ComboFix and a new hijackthis log

Title: Computer messed up!
Post by: waterburn on April 06, 2008, 09:04:47 AM

Hi,

Here's the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:09 AM, on 06/04/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\faxsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINNT\system32\internat.exe
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\ã€Œå¼€å§‹ã€èœå•\ç¨‹åº\å¯åŠ¨\bittorrent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\conime.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\.DEFAULT\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java ????Ã¬Â¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (http://\"http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab\")
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab\")
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab (http://\"http://downloads.ewido.net/ewidoOnlineScan.cab\")
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab (http://\"http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab\")
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab (http://\"http://www.worldwinner.com/games/v50/pool/pool.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab\")
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab (http://\"http://www.worldwinner.com/games/v57/bjattack/bja.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (http://\"http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab\")
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab (http://\"http://www.worldwinner.com/games/v41/freecell/freecell.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab (http://\"http://ca.com/us/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (http://\"http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab (http://\"http://www.worldwinner.com/games/v46/sol/sol.cab\")
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab (http://\"http://www.worldwinner.com/games/v41/hangman/hangman.cab\")
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (http://\"http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe\")
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (http://\"http://www.worldwinner.com/games/v47/wwspades/wwspades.cab\")
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab (http://\"http://driveragent.com/files/driveragent.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5958 bytes

The combofix log is too big to post and also too big to attach it is over 800KB.

[color=\"#0000ff\"]Thanks! /cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />
[/color]
Waterburn

*

/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' /> *

/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' /> *

/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' /> *

Title: Computer messed up!
Post by: guestolo on April 06, 2008, 05:39:57 PM

Can you upload the file to something like RapidShare and post the link here
http://rapidshare.com/ (http://\"http://rapidshare.com/\")

Title: Computer messed up!
Post by: waterburn on April 06, 2008, 06:21:20 PM

Hi,

Here's the link: http://rapidshare.com/files/105448935/ComboFix.txt.html (http://\"http://rapidshare.com/files/105448935/ComboFix.txt.html\")

Waterburn

Title: Computer messed up!
Post by: guestolo on April 06, 2008, 09:02:06 PM

Can you do the following

Go to START>>RUN>>Type in

services.msc

Hit OK
The Services Windows should open
On the right hand side of the screen
Look for this EXACT service name
Remote Procedure Call (TPM) <-notice the TPM in brackets,
Don't confuse it with (RPC) or (RPC) Locator,

Double click on Remote Procedure Call (TPM)
In the Startup type drop down menu, set to Disabled
Apply and OK it

Next, look for this Exact service name
Remote Access Auto Connection Manager
Double click on it to open it's Properties
In the Startup type drop down menu, set to Manual
Apply and OK it
Exit from the Services windows

NEXT: Go to START>>RUN>>Type in
regedit

Navigate to this Registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto

Left click to Highlight RasAuto
On the right hand side of the screen for this value name
ImagePath
Right click on ImagePath and select Modify

Under Value data:
It should read Exactly this

[color=\"#FF0000\"]%SystemRoot%\System32\svchost.exe -k netsvcs[/color]

If it doesn't, replace what you have with the above
You can copy>>paste it to ensure it's exact
Exit the registry editor

Reboot the computer, come back here and post a fresh hijackthis log

Title: Computer messed up!
Post by: waterburn on April 07, 2008, 02:41:19 PM

Hi,

Here's the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:43 PM, on 07/04/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\faxsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\SoftwareDistribution\Download\3f7da105e4a8ee0eb9cd753ca285be6f\update\update.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\.DEFAULT\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java ????Ã¬Â¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (http://\"http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab\")
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab\")
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab (http://\"http://downloads.ewido.net/ewidoOnlineScan.cab\")
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab (http://\"http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab\")
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab (http://\"http://www.worldwinner.com/games/v50/pool/pool.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab\")
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab (http://\"http://www.worldwinner.com/games/v57/bjattack/bja.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (http://\"http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab\")
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab (http://\"http://www.worldwinner.com/games/v41/freecell/freecell.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab (http://\"http://ca.com/us/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (http://\"http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab (http://\"http://www.worldwinner.com/games/v46/sol/sol.cab\")
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab (http://\"http://www.worldwinner.com/games/v41/hangman/hangman.cab\")
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (http://\"http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe\")
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (http://\"http://www.worldwinner.com/games/v47/wwspades/wwspades.cab\")
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab (http://\"http://driveragent.com/files/driveragent.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5677 bytes

Thanks!

Waterburn

Title: Computer messed up!
Post by: waterburn on April 07, 2008, 05:05:07 PM

Hi,

Whenever I open setup.exe, a message pops up: [color=\"#ff0000\"]Setup.exe has generated errors and will be closed by windows. You will need to restart the program. An error log is being created. [/color][color=\"#000000\"]Like the one here: http://rubenlaguna.com/wp/wp-content/uploa.../11/cygwin4.png (http://\"http://rubenlaguna.com/wp/wp-content/uploads/2007/11/cygwin4.png\")

So I check drwtsn32.log. I find a part which I think is my error (Here's a translation): [color=\"#ff0000\"]Application procedures accident occurred mistakes:
Application procedures: (pid = 1424)
Time: 2008-4-7 @ 17:27:51.605
Unexpected #: c00000fd (stack overflow)[/color]

[/color][color=\"#000000\"]Waterburn

P.S Check the above post[/color]

Title: Computer messed up!
Post by: guestolo on April 08, 2008, 12:01:57 AM

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKUS\.DEFAULT\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe (User 'Default user')

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer

Do you still get an error message
If so, be EXACT of what you are doing when it happens
Are you trying to run a game, if so, how old is it
What game is it?

Title: Computer messed up!
Post by: waterburn on April 08, 2008, 02:36:35 PM

Hi,

I do still get an error message. I get the message when I double click setup.exe to install the Roller Coaster Tycoon 2. The game is 6 years old which is suitable for my computer since it is 10 years old-> used to be Windows 98.

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 08, 2008, 06:05:55 PM

[quote name=\'waterburn\' post=\'426161\' date=\'Apr 8 2008, 12:36 PM\']Hi,

I do still get an error message. I get the message when I double click setup.exe to install the Roller Coaster Tycoon 2. The game is 6 years old which is suitable for my computer since it is 10 years old-> used to be Windows 98.

Thanks!

Waterburn[/quote]

This sounds totally unrelated to the problems of malware you were experiencing earlier
You should start a whole new topic about it
I want to finish this topic
Besides the setup.exe error, how is everything running?

Title: Computer messed up!
Post by: waterburn on April 08, 2008, 06:59:44 PM

Hi,

Besides that everything else is fine. All the problems: copy & paste, drag and drop, links...etc. are fixed.

I gotta to hand it all to you.

Thank you very much!!!!

/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />

/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />

Waterburn

Title: Computer messed up!
Post by: guestolo on April 08, 2008, 08:33:25 PM

To save on room on your harddrive
You can uninstall Kaspersky's online scanner
Bit Defender can be removed within Internet Explorer in the toolbar under TOOLS

Go to START>>RUN>>copy then paste the next entry in bold

ComboFix /u
Then hit OK
This will uninstall combofix

Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name, any name,
and click Create
Windows will prompt when it was created successfully

When that's done

download the [color=\"red\"]OTMoveIt2 by OldTimer[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe\")[/url].

Save it to your desktop.
Double-click OTMoveIt2.exe to run it.
Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't mouseclick during the wait as you may cause the tool to stall
Select Yes to reboot Now

NOTE: This procedure will also delete OTMoveit.exe from desktop

I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")

Title: Computer messed up!
Post by: waterburn on April 09, 2008, 03:29:16 PM

Hi,

I have a lot of quotes to explain what didn't work in your instructions.

Quote

ComboFix /u
Then hit OK
This will uninstall combofix

In run, it doesn't recognize the command.

Quote

Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name, any name,
and click Create
Windows will prompt when it was created successfully

Doesn't exist probably because that was meant for Windows XP

Quote

Wait for the confirmation box to open to reboot the computer

Don't mouseclick during the wait as you may cause the tool to stall
Select Yes to reboot Now

The confirmation box doesn't open.

Quote

"Check for updates every couple of weeks"

That button doesn't exist. Do you mean for me to do that? Am I protected if I close SpywareBlaster?

Quote

Keep your new Firewall installed and operational when Online
You can check in it's options to disable the Automatic update, as it won't check for updates

Could you clarify?

There is a problem/question in bold after every quote.

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 10, 2008, 06:23:47 PM

Code: [Select]

In run, it doesn't recognize the command.Don't worry about it, Delete these folders if found

C:\Qoobox
C:\Deckard

Then ensure you run OTMoveit2 cleanup instructions

Quote

Doesn't exist probably because that was meant for Windows XP

Yup, I have XP on my brain, keep forgetting your running 2000

Quote

The confirmation box doesn't open.

Did you allow it to communicate thru Sygates?

Quote

Could you clarify?

Double click on the Sygate Icon by the clock to open the Program
Click on TOOLS>>OPTIONS>>UPDATES
Uncheck "Auto check for Updates...."

Quote

That button doesn't exist. Do you mean for me to do that? Am I protected if I close SpywareBlaster?

Open SpywareBlaster, it's not really a button, but notice UPDATES on the left hand side?

From the Creators site of SpywareBlaster

Quote

The most important step you can take is to secure your system. And SpywareBlaster is the most powerful protection program available.

# Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
# Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
# Restrict the actions of potentially unwanted sites in Internet Explorer.

SpywareBlaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web.

And unlike other programs, SpywareBlaster does not have to remain running in the background.

Title: Computer messed up!
Post by: waterburn on April 10, 2008, 07:36:48 PM

Hi,

Quote

Don't worry about it, Delete these folders if found

C:\Qoobox
C:\Deckard

Then ensure you run OTMoveit2 cleanup instructions

Qoobox and Deckard are already deleted. The rest of the files in cleanup are not found. Should I delete OTMoveit2.exe?

Quote

Did you allow it to communicate thru Sygates?

Yes I did. Just wondering, how do you know to allow or not for Sygates?

There is still one small problem, it restarts, but not very often.

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 11, 2008, 09:31:05 PM

I'm going to make a suggestion, Upgrade your machine
If your not into doing that, at minimum, go to the manufacturers' website
Download and save to external media, Network>>Video>>Sound drivers
Then download again Sygates
Do not ever again try and attempt connection to Internet without proper Windows updates and Firewall set in place, that was your initial mistake

CLEAN INSTALL your operating system, remember, this system is way behind the times
You have minimal storage left

We will probably go on for another few weeks trying to clear problems on this computer
If we will ever clear them

According to the dss.exe scan
Total Physical Memory: 184 MiB (256 MiB recommended).

Not much, 64 mb shared to Video

I would suggest installing a free AntiVirus software, but not knowing your processor speed, this may slow your computer considerably

If you don't want to clean install
Uninstall ALL programs you DON'T need installed, clear some of your minimal hard drive space
You posted what your 3 partitions had,
Why the heck to have a small harddrive like that partitioned is beyond me
You have a total, I believe, of less than 2gb left on 3 partitions

Do yourself a favor Waterburn, backup to CD or external drive, what you need
Not including any bloated games or software
Clean Install this system, don't treat it as a 500gb hard drive if you only have 8gb
8gb is good enough for 1 partition

I think this computer can't update to much memory, or I would suggest also to upgrade your memory

I don't mean to sound harsh, but I think we could be going here for another month and get nowhere
It's time to upgrade!
It would be a waste of yours and my time to go any further with this box

Title: Computer messed up!
Post by: waterburn on April 12, 2008, 06:44:56 PM

Hi,

Sorry to sound annoying.

Quote

I'm going to make a suggestion, Upgrade your machine
If your not into doing that, at minimum, go to the manufacturers' website
Download and save to external media, Network>>Video>>Sound drivers
Then download again Sygates
Do not ever again try and attempt connection to Internet without proper Windows updates and Firewall set in place, that was your initial mistake

Could you clarify? I donâ€™t get it. Also donâ€™t know why I have to download Sygates again.

I want to clean install the system. I am borrowing the Windows 2000 Professional right now, so thatâ€™s not a problem. To help me decide if I should reinstall or not, I have made a pro and con list. For the setup problem, I sent a detailed report on what the problem is and what steps I have taken already. Just have to wait 7-10 days for replies.

REINSTALL

PROS

1) All problems will be fixed: The ones I have now (I canâ€™t do much when the computer restarts randomly or every 30 minutes), (I really want to play Roller Coaster Tycoon 2 but it just doesnâ€™t work) And the future problems: (Who knows what if another major problem pops up, reinstalling will prevent it.), (Some day when I will have to do something important and it doesnâ€™t work, the only way might be to reinstall)

2) As you said we could go for another month and get nowhere. It could take forever to fix the problems I have now when I can easily just reinstall. Then more problems will come.

3) All viruses will probably be cleared (If any). A clean reinstall will probably get rid of any remaining viruses. Who knows? There could still be some viruses right now.

4) Its nice to start fresh and new. It feels good when your desktop is almost empty unlike now when it is almost full. Its like youâ€™re getting a new computer.

REINSTALL

CONS

1) It will take lots of time to update (All fixes, service packsâ€¦etc.) and install all drivers (Printer, modemâ€¦etc.), programs (Antivirus, diagnosis tools â€¦etc.), games (Zoo Tycoonâ€¦etc.)

2) Why reinstall when the computer is still able to function, we should update hardware. (Software isnâ€™t the main problem; it is because the computer is 10 years old with 196MB of memory, 500 MHZ processor and 14 GB of disk space.)

3) I will have to backup all the important documents, saved games, favoritesâ€¦etc. This will take time and I will have to find a way to get all the stuff onto floppies, sites, e-mail. (I donâ€™t have a CD Burner)

4) Risk of mistakes or incompletion. What if during the installation it canâ€™t find a file and your computer is stuck in that stage of Setup. So you will be left with half a computer. Or something like: The CD Key doesnâ€™t work or you pressed a wrong button during installation (Since the setup is in Chinese.)

Please take time to read through the PROS and CONS.

Now to explain things you have touched in your post. First of all my hard drive is not partitioned. The 14 GB of storage is on 2 hard drives. The first hard drive is the one that came with the computer (Drive C). It has 4 GB and is the system drive. Then just about 5 months ago my other computer burned up so I took out its hard drive. (Someone gave that computer to us). After working for hours, I finally hooked it up to this computer. It is a 10 GB disk partitioned into 2 drives D and E.

I donâ€™t have a CD burner, but I could easily get one. I just donâ€™t think I need it that much. If you know any other sites like Rapid Share, tell me. I need a site that can take more than 100 MB and is free. Right now I can attach 10 MB per message at Yahoo. I have a few floppies with about 1 MB storage that can be used to store some documents.

I can upgrade my memory to a maximum of 256 MB. Never tried it, but should be fine. But by overloading the other computer with memory, smoke started coming out of it and the wire coating started dripping onto the memory sticks, destroying it. I used to only have 128 MB of memory. We got lucky when buying another stick since the storeowner gave it to us for free. It is junk for him since he has piles of memory sticks from old computers but it is like treasure for us. After getting 64 MB of memory the computer was at least able to do basic things and some games. Before the computer froze, showed low memory messages and words were disappearing from windows. I had to use task manager to shut down explorer.exe. To use the Internet I had to type iexplore.exe in task manager. In desperate cases for memory, I had to shut down processes such as svchost.exe, faxsvc.exe, WinMgmt.exe, explorer.exe and of course processes for antivirusâ€¦etc.

Another thing is I take your posts and responses seriously. I try to follow your instructions exactly and ask if it doesnâ€™t work out exactly. Also I check the forums for responses everyday. (I have the tech forums on favorites) I spend a lot of time researching my problems. If there is an error message, I copy it out exactly and put it in Google. Sometimes I spend up to 5 hours downloading, reading forums and sites to try to fix my problems. An example is I have almost worked for 30 minutes straight just typing this post. Until I came to tech forums, I was alone in fixing problems. I must say this forum is the most helpful source I have used so far. This is especially because you check the forums everyday; provide clear instructions, solutions that actually fix the problem. So if you say for me to reinstall, I will.

Please read this over and give me your opinions, thoughts, suggestions, what to doâ€¦etc. This post has tons of information. So make good use of it. I checked the BIOS date and it says May 1998.

Thank- you very much for getting me this far!

Waterburn

/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />

P.S I typed this in Microsoft Word and it says there are exactly 1000 words!

/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />

Title: Computer messed up!
Post by: guestolo on April 12, 2008, 10:54:14 PM

Quote

P.S I typed this in Microsoft Word and it says there are exactly 1000 words!

That's good, let me know how everything is running after the clean install
I'm not reading all of it

I don't want to, but almost feel obigated to Lock this topic
The computer you have is probably built in 1998, and your still trying to keep it running on bare minimums
And wondering why it is not as responsive as you want it, you appear to know why
It's an old computer, come on Waterburn, are you serious about this computer, or we just playing around

Reformat the thing and Clean install 2000
Get more Ram, 256 is better than your 128, if you want to keep this computer, install it

I really don't want to get to much more involved with this dinosaur, but go ahead and keep trying

Title: Computer messed up!
Post by: waterburn on April 13, 2008, 11:40:46 AM

Hi,

I found the site to help me install. It is on the same site which tells me how to repair that you provided before. The repairs I did before were not complete. After reboot from the blue setup screen, I just assumed it was done. But now I continued the second part after the reboot. It set me back to Service pack 2. So now I am taking my time installing all the critical updates and service packs. Also I reinstalled Internet Explorer 6. If I am going to reinstall, I need to spend at least a week to backup. Do you know a site similar to rapidshare but can load more than 100MB for free?

Thanks

Waterburn

Title: Computer messed up!
Post by: guestolo on April 13, 2008, 05:46:48 PM

Quote

The repairs I did before were not complete. After reboot from the blue setup screen, I just assumed it was done. But now I continued the second part after the reboot. It set me back to Service pack 2. So now I am taking my time installing all the critical updates and service packs

Well, that may save us a clean install if you have luck updating to SP4
Try that first, get all latest critical updates afterwards

Then post back and let me know how things are running

Title: Computer messed up!
Post by: waterburn on April 13, 2008, 08:20:59 PM

Hi,

Unfortunately the repair was not sucessful. Several times Service Pack 4 had errors during the installation and closed. There was a total of 27 critical service packs and updates. I tried installing all 25 critical updates first. Then I installed some kind of security roll up seperately. And lastly I installed Service Pack 4, it was sucessful. Installing all the critical updates and service packs was sucessful. But after that web sites took a long time to load, way longer than ususal and about 5 times the Blue Screen of Death showed up. The Blue Screen of Death never showed up in the past so it was quite a surprise.

So then I took 3 hours adding all the files I wanted to backup to a Winrar Archive. Then I took the Winrar archives with all the documents and files in it and uploaded it to RapidShare. After an hour of uploading I put the download links in a notepad file on a floppy. Then I reformated Drive C Only and reinstalled Windows 2000 on it. The setup took about 30 minutes. Then after I logged in, I noticed how fresh the desktop looked with only 5 icons unlike before, 56 icons. I checked drive C and about 900 MB was used and 3 GB was empty. Drive D and E are still like before except Drive D has 1.08 GB free unlike before 0.99 GB free. I don't know if I should format Drive C and D.

Since I had to go on the Internet to download Sygates, there is a small amount of time I was on the Internet unprotected. I noticed the first suspicious message telling me to visit another site to download an antivirus and to reboot.

Thanks Again!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 13, 2008, 09:50:10 PM

So are you saying you now have SP4 installed and everything is fine?
I'm not sure what your saying

Title: Computer messed up!
Post by: waterburn on April 13, 2008, 10:52:11 PM

Hi,

I am saying I reformated drive C and reinstalled the system on it. Drive D and E are still what they were before. Right now I haven't downloaded the critical updates yet. It is still Windows 2000 SP2 without the critical updates. Roller Coaster tycoon 2 installed perfectly. I got the printer installed and Microsoft Office. I have about 2 GB of space left on drive C. Also no more Blue Screens of Death and (I think) no more restarts. There are also only 8 icons on the desktop when there was 56 icons before.

Thanks!

Waterburn

Title: Computer messed up!
Post by: waterburn on April 14, 2008, 02:41:16 PM

Hi,

Today I was about to install the 31 critical updates and service packs. But I have a question. Should I download Chinese or English updates? The system is Chinese but I use English. The last time I went to the Windows Update page in English, I think it downloaded English updates while my system is Chinese. That probably caused the conflict.

Thanks

Waterburn

*Don't forget to check the above post*

Title: Computer messed up!
Post by: guestolo on April 14, 2008, 08:01:07 PM

I've honestly never tried any Chinese pack of Windows 2000

Try the following, back up the registry to one of your other partitions

Go to START>>RUN>>type the following

regedit
Hit OK

Highlight MyComputer, then click on FILE>>Export Registry File
Give it a name, save it somewhere else then the C: Drive

Then try downloading the full SP4 install
from here and save it to desktop
http://www.microsoft.com/downloads/details...;displaylang=en (http://\"http://www.microsoft.com/downloads/details.aspx?FamilyID=1001aaf1-749f-49f4-8010-297bd6ca33a0&displaylang=en\")

CHOOSE the proper download LANGUAGE that you need
Run the installer, this may take some time, follow all prompts carefully
Reboot when asked
Go to Windows updates afterwards and ensure you have all latest Critical updates

Let me know how it goes

Title: Computer messed up!
Post by: waterburn on April 14, 2008, 08:20:48 PM

Hi,

I am going to follow your instructions tomorrow. I just want to let you know the screen is starting to flicker randomnly, but not that often. It looks to me that soon that monitor won't even turn on. It happened before with another monitor. Once when I turned on the computer, the screen remained black. The power light of the monitor was orange not green. After pulling the wire that connects the monitor with the computer, it would work for a while. Then it would turn off again. Remember this didn't happen to this monitor YET.

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 14, 2008, 09:11:48 PM

Sounds as if you have tried mulitple monitors and you may have Video card problems>>Possibly
Is it onboard on add-in card?

you may have to start about thinking updating your hardware

Title: Computer messed up!
Post by: waterburn on April 16, 2008, 03:17:48 PM

Hi,

Today I downloaded Service Pack 4 and I found out that it needed to be Chinese. After downloading I let it run. While I was waiting I played RCT 2. But then it suddenly restarted so I don't know if it finished or not. I hope it wasn't half complete or something. Is their anyway to find out if Service Pack 4 was properly installed. By the way I did not archive the files.

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 16, 2008, 09:30:37 PM

You only need to install the Chinese Pack
What else are you talking about?

Title: Computer messed up!
Post by: waterburn on April 19, 2008, 06:37:36 AM

Hi,

I am talking about the Chinese Service Pack 4. How do I know it is installed properly? I am pretty sure that I have all the updates. Since windows updates for SP4 is different for SP2 and it is in Chinese. I almost have to guess what to press. But I go on to google to look for english captures of windows update.

By the way I only have sygates on right now. What other antivirus...etc. should I get to prevent viruses from getting in again?

Thanks

Waterburn

Title: Computer messed up!
Post by: waterburn on April 19, 2008, 07:03:38 AM

Hi,

Sometimes I get messages even while not on the Internet. It says that it wants me to go to fixmypc.com. I search it on google the site doesn't exist. It is a bit suspicious since it is telling that me that there are 100 critical errors... or something like that and I haven't installed any antivirus.

Waterburn

*Check above post*

Title: Computer messed up!
Post by: guestolo on April 19, 2008, 11:20:49 AM

Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] (http://\"http://deckard.geekstogo.com/dss.exe\") to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt

Title: Computer messed up!
Post by: waterburn on April 20, 2008, 07:48:04 AM

Hi,

I fixed the pop up problem by disabling the messenger service. The computer restarts by almost like every hour. I am almost positive that it is a hardware/cooling problem. Now all I need to know is what antivirus I should have and whatever final steps necessary. Because we should start wrapping up this post.

Thanks!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 20, 2008, 09:10:30 AM

Let's try and get tools that are slack on resources

I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")

After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

In addition, it would be a good idea to download and install
Spybot 1.5.2.20 (http://\"http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1\")
UNCHECK TeaTimer during installation
After installation, Search for and Download all updates
After updating, utilize the Immunization feature
Click Immunize>>Immunize again the top green cross
Do that after every update
Probably a good idea to Check for Problems and fix anything in Red every once in awhile

As far as AntiVirus software
Try Avira AntiVir, it's not so steep on resources
You can get the free download from here
http://www.free-av.com/en/download/1/avira..._antivirus.html (http://\"http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html\")

Title: Computer messed up!
Post by: waterburn on April 20, 2008, 10:26:49 AM

Hi,

I am begginning to think the restarting is more than a hardware issue. Now it is restarting particularly while playing Runescape. Ususally when it loads an ad during the game.

As for the antivirus...etc. I am downloading and installing them right now.

Waterburn

Title: Computer messed up!
Post by: waterburn on April 20, 2008, 04:24:43 PM

Hi,

Today I opened the computer and cleaned out the dust. I tried my best to get all the dust out from the fan and the processor. I used cloth and a mini vacum cleaner. I cleaned for almost 3 hours! I had screw, unscrew, clean, put back...etc. I will let you know if it still restarts. All the antivirus...etc. are sucessfully installed. I am just concerned that Avira Antivirus takes up too much memory. From task manager 30,000k.

Right now I have as a protection from viruses:

Sygate Firewall
SpywareBlaster
Spybot -Search & Destory
Avira Antivirus

Is it safe to start downloading now? I am considering uninstall Avira and downloading an antivirus that uses less memory. Any suggestions?

Thanks!

Waterburn

*CHECK THE ABOVE POST*

Title: Computer messed up!
Post by: waterburn on April 20, 2008, 04:26:41 PM

Hi,

Today I opened the computer and cleaned out the dust. I tried my best to get all the dust out from the fan and the processor. I used cloth and a mini vacum cleaner. I cleaned for almost 3 hours! I had to screw, unscrew, clean, put back...etc. I will let you know if it still restarts. All the antivirus...etc. are sucessfully installed. I am just concerned that Avira Antivirus takes up too much memory. From task manager 30,000k.

Right now here's what I have as a protection from viruses:

Sygate Firewall
SpywareBlaster
Spybot -Search & Destory
Avira Antivirus

Is it safe to start downloading now? I am considering uninstalling Avira and downloading an antivirus that uses less memory. Any suggestions?

Thanks!

Waterburn

CHECK THE ABOVE POST*

Title: Computer messed up!
Post by: guestolo on April 21, 2008, 08:14:30 PM

If you want to uninstall AntiVir
Try the free version of AVG
Link can be found here
http://www.thetechguide.com/forum/index.php?showtopic=15894 (http://\"http://www.thetechguide.com/forum/index.php?showtopic=15894\")
Be sure to uninstall AntiVir before installing AVG

Did you bump up the RAM to the maximum?
I can't remember, this is a long thread

P.S. Don't use a Vacuum to clean the inside of your machine, it can harm it
Use a can of compressed air

Title: Computer messed up!
Post by: waterburn on April 22, 2008, 03:05:35 PM

Hi,

I haven't got more RAM yet. Right now I am downloading AVG 7.5 Free Edition. I have a feeling I already tried it and was also too slow.

Thanks!

Waterburn

*We should be able to wrap up this thread after getting a good Antivirus. I'll do the rest after that*

Title: Computer messed up!
Post by: waterburn on April 22, 2008, 03:49:03 PM

Hi,

I installed AVG 7.5 Free Edition sucessfully. Then I checked for updates and got them all. After that it asked me to create a Emergency Repair Disk onto a floppy. Should I do it? It wanted to do a daily scan but I enabled it. I can't scan everyday, it will take too much memory and time. Now it says: Date of internal Virus Database is incorrect. I don't get it!

Waterburn

Title: Computer messed up!
Post by: guestolo on April 22, 2008, 07:29:20 PM

Right click on the AVG icon by the clock and Check for updates
Ensure the Date/time of the clock is correct
Get more Ram, or better yet, invest in a better computer

/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

You can disable the daily scan, but manually run it every week or 2

Title: Computer messed up!
Post by: waterburn on April 23, 2008, 02:57:36 PM

Hi,

This will be my last/second last post. I will address all my final notes and stuff here. Then you will make your final comments...etc. after. If you have posted a question or for whatever reason I need to add something then I will make the LAST LAST POST.

AVG 7.5 Free Edition actually doesn't take up that much RAM. It only uses a lot of RAM when updating or opening the control center. In the background AVG uses low memory. Avira used 30,000k even while the program wasn't running. Just the guard. I found out that after updating it always says, when you hover your mouse over the icon by the clock: Date of internal Virus Database is incorrect. Also the icon is black and grey. Only after the next restart it wont say that and the icon is coloured.

We have gone a long way. The computer started off not being able to copy and paste, click links, open e-mails and many other inconveniences. Then we cleared the viruses as best as possible. Finally you ended up deciding to just reinstall the computer. All the problems were fixed after that. Now we have a firewall and antivirus setup. From March 23,2008 7:45AM- April 22,2008 6:29 PM. About a month! 118 posts and still going!!

I would like to personally thank you for fixing all my problems to the point that the computer is running perfectly. As I said before ,you, guestolo, is the only one who has responded to every post. I post, you reply right away. Also this is the only forum that has actually helped me, meaning the solution actually worked!

I will get more RAM and hopefully a new computer someday! But sadly I probably won't get another computer for at least another year. Meanwhile I will try my best to keep this computer working. [color=\"#ff0000\"]Go computer! Made in May 1998 and is still alive! /cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' /> [/color]

Don't forget to make your final comments, thoughts...etc. After that we will finally close this thread.

THANK-YOU VERY MUCH FOR ALL YOUR HELP!

Waterburn

/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />

Title: Computer messed up!
Post by: guestolo on April 23, 2008, 07:19:38 PM

You can't leave yet, what the heck would I do without you

/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Just kidding Waterburn, I hope all is well, I'm going to lock this topic as your problems appear resolved

Stay safe

/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />