unable to remove pctools.dll [RESOLVED], please help me!!!
hutina
post Sep 21 2008, 07:15 PM
Post #1


Member
Posts: 16
OS: Windows XP



I ran an anti-virus scan last night and found out that my computer is infected with the pctools.dll malware... I tried deleting the registry key associated with pctools, but it didn't work.
I also tried deleting the file with Killbox in safe mode, and that didn't work either.
Please help me.
The file is located under:
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools

Here's the hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:27 PM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\system32\BoBoTurbo\BoBoTurboUpdate.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: QQCycloneHelper Class - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {EC0978ED-24E3-403C-AB7A-060E388553E6} (BoBoControl Class) - http://www.17bobo.com/Software/BoBo_ActiveX_V3.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 8951 bytes

thank you so much
Tina

This post has been edited by hutina: Sep 23 2008, 05:12 PM
 
Gravity Gripp
post Sep 25 2008, 09:26 PM
Post #2


Trusted Helper
Posts: 1,516
From: /dev/null
OS: Windows XP, OSX 10.5, Ubuntu 8.10



hutina, Welcome to Geeks-To-Go. My name is GravityGripp and I'll be assisting you with your issues.

Please note that I am still in training and will be working with an expert on these issues so there may be a slight delay in my responses.

If I have not responded to you in a time period longer than 4 days, please feel free to PM me.


For now, I will be reviewing your log and will get back to you shortly.


Thanks and I look forward to working with you.
 
Gravity Gripp
post Sep 26 2008, 08:43 AM
Post #3


Trusted Helper
Posts: 1,516
From: /dev/null
OS: Windows XP, OSX 10.5, Ubuntu 8.10



Alright, let's start out by getting a little better log.

STEP ONE

  • First, download OTListIt to your desktop.
  • Once it has finished downloading, please double click on the icon.
  • When the window appears, click the Run Scan button. Do not change any settings unless otherwise told to do so.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may close these windows when you have posted the contents of the files.
 
hutina
post Sep 26 2008, 06:27 PM
Post #4


Member
Posts: 16
OS: Windows XP



Hello GravityGripp
thanks a lot for taking the time to help me out...
here are the logs you have requested

OTListIt logfile created on: 9/26/2008 5:14:25 PM - Run 1
OTListIt by OldTimer - Version 1.0.6.0 Folder = C:\Documents and Settings\Tina\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 195.41 Mb Available Physical Memory | 38.20% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115.03 Gb Total Space | 86.26 Gb Free Space | 74.99% Space Free | Partition Type: NTFS
Drive D: | 189.92 Gb Total Space | 124.63 Gb Free Space | 65.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 699.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TINAHU
Current User Name: Tina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/09/25 09:00:46 | 00,574,808 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2007/10/18 10:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
[2007/10/18 10:24:44 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
[2008/06/24 19:10:30 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
[2007/10/18 10:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
[2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/08/20 13:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
[2008/07/01 14:37:18 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2007/01/04 12:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
[2007/08/20 13:36:42 | 00,242,952 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe
[2007/08/20 13:36:38 | 00,230,664 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\cavrid.exe
[2006/10/11 12:45:12 | 00,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[2002/07/02 17:56:00 | 00,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
[2008/08/22 13:42:30 | 00,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
[2007/06/22 17:57:07 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2007/08/16 22:19:02 | 00,177,416 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
[2008/08/22 13:42:31 | 00,173,296 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
[2008/04/23 18:25:11 | 00,014,088 | ---- | M] (CA) -- C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe
[2007/08/16 22:19:02 | 00,214,280 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
[2003/05/15 01:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2007/08/16 21:10:14 | 00,218,376 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
[2007/08/16 21:10:16 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/09/26 17:14:01 | 00,415,232 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2007/09/25 09:00:46 | 00,574,808 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/09/12 04:03:36 | 00,210,504 | ---- | M] (广州易播信息科技有限公司) -- C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe -- (BoBoTurbo [Disabled | Stopped])
[2007/08/16 22:19:02 | 00,214,280 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Running])
[2007/08/20 13:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe -- (CAISafe [Auto | Running])
[2004/08/04 00:56:48 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (cisvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/01 14:37:18 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/11/02 19:36:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2007/01/04 12:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/08/16 21:10:16 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe -- (PPCtlPriv [On_Demand | Running])
[2004/08/04 00:56:58 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [On_Demand | Stopped])
[2007/10/18 10:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent [Auto | Running])
[2007/10/18 10:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg [Auto | Running])
[2007/10/18 10:24:44 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp [Auto | Running])
[2008/06/24 19:10:30 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol [Auto | Running])
[2007/08/20 13:36:42 | 00,242,952 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe -- (VETMSGNT [Auto | Running])

========== Driver Services ==========

[2004/08/03 22:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
File not found -- C:\DOCUME~1\Tina\LOCALS~1\Temp\catchme.sys -- (catchme [On_Demand | Stopped])
[2007/04/22 17:15:25 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2007/04/22 17:15:25 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2002/07/19 10:46:28 | 00,127,948 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2002/07/19 10:47:52 | 00,837,548 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2001/08/17 05:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
[2002/07/19 10:48:08 | 00,011,068 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2002/07/19 10:48:22 | 00,213,860 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2003/03/03 20:56:26 | 00,145,408 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2001/08/17 05:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Stopped])
[2001/08/17 05:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Stopped])
[2002/07/19 10:48:32 | 00,156,604 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2001/08/23 05:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga [System | Running])
[2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
File not found -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI [On_Demand | Stopped])
[2002/07/24 13:52:26 | 00,998,004 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2004/08/03 22:59:20 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2008/06/24 19:08:36 | 00,063,504 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent [System | Running])
[2008/06/24 19:08:42 | 00,134,648 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF [Auto | Running])
[2008/06/24 19:08:42 | 00,088,816 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg [On_Demand | Running])
[2008/06/24 19:08:46 | 00,045,584 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile [System | Running])
[2008/06/24 19:08:52 | 00,115,216 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw [System | Running])
[2008/06/24 19:08:56 | 00,066,576 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx [Auto | Running])
[2008/06/24 19:08:58 | 00,093,712 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxStart.sys -- (KmxStart [Boot | Running])
[2005/11/02 04:23:08 | 00,014,464 | R--- | M] (©NOWCOM) -- C:\WINDOWS\system32\nowmemdf.sys -- (NOWMEMDF [On_Demand | Stopped])
[2007/01/18 00:34:53 | 00,020,386 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Tencent\QQ\npkcrypt.sys -- (npkcrypt [Auto | Running])
File not found -- C:\Program Files\Tencent\QQ\npkycryp.sys -- (npkycryp [On_Demand | Stopped])
[2002/07/19 10:48:04 | 00,195,432 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2001/08/23 05:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[1999/12/17 01:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2004/08/03 22:59:18 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2001/08/23 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/04/22 17:15:25 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/17 05:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Stopped])
[2007/10/21 13:19:15 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2007/08/20 13:38:16 | 00,026,376 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
[2007/08/20 13:38:16 | 00,021,128 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC [System | Running])
[2008/06/04 15:17:27 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
[2008/06/04 15:17:27 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE [System | Running])
[2007/08/20 13:38:20 | 00,021,512 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
[2007/08/20 13:38:22 | 00,032,264 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (685 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (QQCycloneHelper Class) - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll (腾讯公司)
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" (CA, Inc.)
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" ()
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" (ScanSoft, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe" (CA)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O8 - Extra context menu item: &ʹÓ󬼶Ðý·çÏÂÔØ - C:\Program Files\Tencent\QQDownload\geturl.htm
O8 - Extra context menu item: &ʹÓ󬼶Ðý·çÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ÓÃQQ²ÊÐÅ·¢Ë͸ÃͼƬ - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: turbotax.com (https in Trusted sites)
O15 - HKCU\..Trusted Sites: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab (AxSubmitControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll (CCTVUpdateInstall)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {EC0978ED-24E3-403C-AB7A-060E388553E6} http://www.17bobo.com/Software/BoBo_ActiveX_V3.ocx (BoBoControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
PFW: "DllName" = UmxWnp.Dll -- C:\WINDOWS\system32\UmxWNP.dll (CA)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/05/20 01:06:44 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79d15499-6e53-11dc-92e2-000c761faceb}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79d15499-6e53-11dc-92e2-000c761faceb}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79d15499-6e53-11dc-92e2-000c761faceb}\Shell\AutoRun\command]
"" = H:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79d1549a-6e53-11dc-92e2-000c761faceb}\Shell\AutoRun\command]
"" = I:\MonopolyPBInstall.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command]
"" = H:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2008/09/26 17:14:00 | 00,415,232 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTListIt.exe
[2008/09/25 23:56:44 | 00,105,472 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\LessonPlan.doc
[2008/09/25 22:45:16 | 00,077,824 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\VargasLessonPlanbook.doc
[2008/09/23 17:21:52 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\ALG A -WORD PROBLEMS.doc
[2008/09/22 23:25:43 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\notes.doc
[2008/09/22 21:47:59 | 01,210,623 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\1001058_Teacher_Credentials.pdf
[2008/09/21 19:02:12 | 00,026,530 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\halg2ch1.pdf
[2008/09/21 15:55:25 | 00,430,239 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\3List.htm
[2008/09/20 19:37:16 | 00,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Tina\My Documents\KillBox.exe
[2008/09/17 21:04:35 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\excel_lesson_plan_template.xls
[2008/09/16 20:58:58 | 00,051,661 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\ira application.pdf
[2008/09/14 23:54:04 | 00,028,301 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\Config.bin
[2008/09/14 22:39:50 | 00,002,041 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Infinite Pre-Algebra Trial.lnk
[2008/09/10 20:39:43 | 00,054,403 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\Common Assessment 1.ipa
[2008/09/08 18:20:26 | 00,503,808 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\04 Fracadd.ppt
[2008/09/07 16:12:06 | 00,140,840 | ---- | C] () -- C:\WINDOWS\System32\boboUpdate.exe
[2008/09/02 18:37:22 | 00,171,372 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\2008.EGP
[2008/09/01 20:44:01 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\number line.xls
[2008/08/31 19:01:08 | 00,354,304 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\july 2008.doc
[2008/08/30 02:18:10 | 00,032,357 | ---- | C] () -- C:\Documents and Settings\Tina\My Documents\Assignment.ipa
[2008/08/30 01:46:46 | 00,009,216 | -HS- | C] () -- C:\Documents and Settings\Tina\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Tina\My Documents\Thumbs.db:encryptable


========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2008/09/26 17:14:01 | 00,415,232 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTListIt.exe
[2008/09/26 17:06:06 | 03,375,772 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-80611102}.CDF
[2008/09/26 17:06:06 | 03,375,772 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-80611102}.BAK
[2008/09/26 17:04:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/26 17:04:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/26 17:04:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/26 00:41:47 | 00,140,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2008/09/26 00:41:47 | 00,029,808 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000002-80611102}.rfx
[2008/09/26 00:41:47 | 00,029,808 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000002-80611102}.rfx
[2008/09/26 00:41:47 | 00,017,500 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000002-80611102}.rfx
[2008/09/26 00:41:47 | 00,017,500 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000002-80611102}.rfx
[2008/09/26 00:41:47 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/09/26 00:41:47 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/09/26 00:41:47 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2008/09/26 00:41:47 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2008/09/26 00:41:47 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2008/09/26 00:41:47 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2008/09/26 00:41:47 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2008/09/26 00:41:47 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2008/09/26 00:41:47 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2008/09/26 00:41:47 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-80611102}.dat
[2008/09/26 00:41:47 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000002-80611102}.dat
[2008/09/26 00:12:08 | 00,105,472 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\LessonPlan.doc
[2008/09/25 22:45:19 | 00,077,824 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\VargasLessonPlanbook.doc
[2008/09/23 17:23:57 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\ALG A -WORD PROBLEMS.doc
[2008/09/22 23:25:43 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\notes.doc
[2008/09/22 21:48:00 | 01,210,623 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\1001058_Teacher_Credentials.pdf
[2008/09/21 19:02:17 | 00,026,530 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\halg2ch1.pdf
[2008/09/21 15:55:25 | 00,430,239 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\3List.htm
[2008/09/20 19:37:20 | 00,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Tina\My Documents\KillBox.exe
[2008/09/20 19:26:22 | 00,000,476 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Tina at 6 25 PM.job
[2008/09/17 21:04:37 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\excel_lesson_plan_template.xls
[2008/09/16 20:58:58 | 00,051,661 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\ira application.pdf
[2008/09/15 18:00:30 | 00,093,184 | ---- | M] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 23:54:05 | 00,028,301 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\Config.bin
[2008/09/14 22:39:50 | 00,002,041 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Infinite Pre-Algebra Trial.lnk
[2008/09/12 16:04:01 | 00,140,840 | ---- | M] () -- C:\WINDOWS\System32\boboUpdate.exe
[2008/09/10 20:39:43 | 00,054,403 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\Common Assessment 1.ipa
[2008/09/08 18:20:30 | 00,503,808 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\04 Fracadd.ppt
[2008/09/06 23:10:43 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QQ游戏.lnk
[2008/09/02 23:18:34 | 00,171,372 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\2008.EGP
[2008/09/02 18:37:32 | 00,171,372 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\Copy of Copy of 2007_P2.egp
[2008/09/01 21:01:38 | 00,032,357 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\Assignment.ipa
[2008/09/01 20:54:22 | 00,004,090 | ---- | M] () -- C:\Documents and Settings\Tina\Application Data\evpro32.prf
[2008/09/01 20:44:01 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\number line.xls
[2008/09/01 01:02:01 | 00,139,264 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\2007-08 Pre-Algebra P-H Road Map.xls
[2008/08/31 19:01:08 | 00,354,304 | ---- | M] () -- C:\Documents and Settings\Tina\My Documents\july 2008.doc
[2008/08/30 01:46:46 | 00,009,216 | -HS- | M] () -- C:\Documents and Settings\Tina\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Tina\My Documents\Thumbs.db:encryptable

< End of report >
hutina
post Sep 26 2008, 06:28 PM
Post #5


Member
**
Posts: 16
OS: Windows XP



OTListIt Extras logfile created on: 9/26/2008 5:14:25 PM - Run Tina
OTListIt by OldTimer - Version 1.0.6.0 Folder = C:\Documents and Settings\Tina\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 195.41 Mb Available Physical Memory | 38.20% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115.03 Gb Total Space | 86.26 Gb Free Space | 74.99% Space Free | Partition Type: NTFS
Drive D: | 189.92 Gb Total Space | 124.63 Gb Free Space | 65.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 699.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TINAHU
Current User Name: Tina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Avant Browser\avant.exe ()
.url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe ()
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/02/18 15:26:47 | 00,219,952 | ---- | M] () -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:μTorrent
[2007/11/02 19:36:34 | 17,152,808 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/02/24 19:08:22 | 01,316,320 | ---- | M] (Tencent Technology (Shenzhen) Company Limited) -- C:\Program Files\Tencent\QQDownload\QQDownload.exe:*:Enabled:超级旋风
[2008/01/16 02:29:34 | 00,218,520 | ---- | M] (Tencent Technology (Shenzhen) Company Limited) -- C:\Program Files\Tencent\QQDownload\QDAutoUpdate.exe:*:Enabled:AutoUpdate Module
[2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视
File not found -- C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器
[2008/08/19 00:40:32 | 01,168,712 | ---- | M] () -- C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer
[2008/02/05 17:25:51 | 10,335,520 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/10/22 19:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{18499419-2B80-4C3F-86D3-C6C45CD2062E}" = Samsung ML-1710 Series
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{7A44D3E7-3607-4967-96AB-3C5C17275C85}" = Infinite Pre-Algebra
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8851E12C-0EF9-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Platinum
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}" = iTunes
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Instant Messenger" = AOL Instant Messenger
"AvantBrowser" = Avant Browser (remove only)
"California Mathematics, Grade 7 Interactive Classroom" = California Mathematics, Grade 7 Interactive Classroom
"Canon CanoScan LiDE 70 User Registration" = Canon CanoScan LiDE 70 User Registration
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"DSMT5" = MathType 5
"Easy Grade Pro" = Easy Grade Pro
"eTrust Suite Personal" = CA Internet Security Suite
"ExamView ActiveX Control v2" = ExamView ActiveX Control v2
"ExamView Pro" = ExamView Assessment Suite
"FlashGet(JetCar)" = FlashGet(JetCar)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"Magic ISO Maker v5.4 (build 0256)" = Magic ISO Maker v5.4 (build 0256)
"Middle School Tutorial" = Middle School Tutorial
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"PROSet" = Intel® PRO Network Adapters and Drivers
"QQ2005" = QQ2005 Formal
"QQ拱猪游戏" = QQ拱猪游戏
"QQ游戏" = QQ游戏
"QQ麻将角色版" = QQ麻将角色版
"RealPlayer 6.0" = RealPlayer
"SopCast" = SopCast 2.0.4
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"TeacherWorks" = TeacherWorks
"The Core Media Player" = The Core Media Player 4.0
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.5.1
"UUSEE" = UUSee 网络电视 [5.4.820.3]
"UUSEE_base" = UUSee 播放插件基础包 5.8.820.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"超级旋风" = 超级旋风 1.7.163.202
"麦客疯_is1" = 麦客疯

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/7/2008 3:12:20 PM | Computer Name = TINAHU | Source = Application Hang | ID = 1002
Description = Hanging application avant.exe, version 11.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/7/2008 9:59:08 PM | Computer Name = TINAHU | Source = Application Error | ID = 1000
Description = Faulting application ad-aware2007.exe, version 7.0.2.3, faulting module
ad-aware2007.exe, version 7.0.2.3, fault address 0x00094c9a.

Error - 9/8/2008 3:33:28 AM | Computer Name = TINAHU | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

Error - 9/10/2008 2:23:32 AM | Computer Name = TINAHU | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

Error - 9/13/2008 4:19:54 AM | Computer Name = TINAHU | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

Error - 9/13/2008 11:29:47 PM | Computer Name = TINAHU | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 9/15/2008 2:22:13 AM | Computer Name = TINAHU | Source = Application Hang | ID = 1002
Description = Hanging application avant.exe, version 11.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/15/2008 3:26:11 AM | Computer Name = TINAHU | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

Error - 9/16/2008 3:30:08 AM | Computer Name = TINAHU | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

Error - 9/18/2008 2:46:36 AM | Computer Name = TINAHU | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

[ System Events ]
Error - 9/21/2008 7:03:17 PM | Computer Name = TINAHU | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
VET-FILT
VET-REC
VETEFILE
VETMONNT

Error - 9/21/2008 7:05:46 PM | Computer Name = TINAHU | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/21/2008 7:06:35 PM | Computer Name = TINAHU | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service UmxPol with
arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error - 9/21/2008 7:06:35 PM | Computer Name = TINAHU | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/21/2008 7:28:12 PM | Computer Name = TINAHU | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VICTOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{AA18D93B-7200-4459. The master browser is stopping or an election is
being forced.

Error - 9/21/2008 9:15:09 PM | Computer Name = TINAHU | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VICTOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{AA18D93B-7200-4459. The master browser is stopping or an election is
being forced.

Error - 9/23/2008 1:07:26 AM | Computer Name = TINAHU | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.104. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 9/25/2008 12:46:40 AM | Computer Name = TINAHU | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VICTOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{AA18D93B-7200-4459. The master browser is stopping or an election is
being forced.

Error - 9/25/2008 6:16:47 PM | Computer Name = TINAHU | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VICTOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{AA18D93B-7200-4459. The master browser is stopping or an election is
being forced.

Error - 9/26/2008 3:02:06 AM | Computer Name = TINAHU | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VICTOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{AA18D93B-7200-4459. The master browser is stopping or an election is
being forced.


< End of report >

thanks
tina
Gravity Gripp
post Sep 29 2008, 09:16 AM
Post #6


Trusted Helper
Posts: 1,516
From: /dev/null
OS: Windows XP, OSX 10.5, Ubuntu 8.10



I see that you have a Chinese IM application installed. Is this something that you installed?

STEP ONE
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.ex