DDS logs: both DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
Run by YULE at 10:35:41 on 2013-06-04
Microsoft Windows 7 Ultimate 6.1.7600.0.936.86.1033.18.2038.640 [GMT 8:00]
.
AV: Kaspersky Anti-Virus *Enabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Windows\system32\ChgService.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\kuwo\KWMUSIC\bin\kwmusic.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\kuwo\KWMUSIC\bin\IESandBox.exe
C:\Program Files\kuwo\KWMUSIC\bin\KwService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\YULE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\YULE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\YULE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\YULE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\YULE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Windows\system32\taskhost.exe
C:\Users\YULE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.hk/
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\7.1\ytdToolbarIE.dll
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: GCiBaBHO Class: {76F8B2BF-4A1B-449E-AF7A-A50DD2F85EF9} - c:\program files\kingsoft\powerword lite\addins\ieaddin\CBIEAddin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CCB9509F-5011-26C9-709E-DD124EF55A80 Class: {CCB9509F-5011-26C9-709E-DD124EF55A80} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\urladvisor\klwtbbho.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\7.1\ytdToolbarIE.dll
TB: Softonic-Eng7 Toolbar: {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} -
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\7.1\ytdToolbarIE.dll
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [Google Update] "c:\users\yule\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "c:\users\yule\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [AROReminder] c:\program files\aro 2013\ARO.exe -rem
uRun: [Gscico] c:\users\yule\appdata\roaming\Gscico.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [kwmusic] "c:\program files\kuwo\kwmusic\Kwmusic.exe" /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2013\avp.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\yule\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBC} - <orphaned>
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A22C622B-B304-472f-88EF-5933BB255F63} - {2D40AC3B-42F2-4787-8D8B-2B63F03C6541} - c:\program files\kingsoft\powerword lite\addins\ieaddin\CBIEAddin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\urladvisor\klwtbbho.dll
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCE1} - hxxps://www2.pbebank.com/ebroking/wecos/control/csoex_pbb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_09-windows-i586.cab
DPF: {B9B2EE1A-E314-4338-A305-BE845EACB113} - hxxps://www2.pbebank.com/ebroking/wecos/control/csw25.cab
DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 172.16.240.250 172.16.240.251
TCP: Interfaces\{1B290AF0-3F27-444C-B4CE-A486EA38BD10} : DHCPNameServer = 172.16.240.250 172.16.240.251
TCP: Interfaces\{2C973AF0-4EFC-43F3-BA29-B87464068E7C} : NameServer = 58.71.136.10 58.71.132.10
TCP: Interfaces\{487309EC-975B-49E2-A33A-D4A88EA3FD9B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{487309EC-975B-49E2-A33A-D4A88EA3FD9B}\C496D60277966696 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{487309EC-975B-49E2-A33A-D4A88EA3FD9B}\E4544574541425 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9ACC973B-8DA1-474D-A54B-712646BFBE63} : NameServer = 58.71.136.10 58.71.132.10
TCP: Interfaces\{BCDC7ED6-1A4D-4B10-B8D5-004C52922CE6} : NameServer = 58.71.136.10 58.71.132.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\yule\appdata\roaming\mozilla\firefox\profiles\b5ipxd6f.default\
FF - prefs.js: browser.search.selectedEngine - 百度
FF - prefs.js: keyword.URL - hxxp://www.baidu.com/baidu?tn=dealio_dg&wd=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\yule\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\yule\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-3-6 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-8-29 73728]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-5-15 806776]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2013\avp.exe [2013-3-6 356376]
R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2010-9-5 135168]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-3 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-3 701512]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-3-6 25944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-3-6 25944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-3 22856]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2010-9-5 103424]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-7-3 201168]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-18 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-7-3 101120]
.
=============== Created Last 30 ================
.
2013-06-04 01:56:1160872----a-w-c:\programdata\microsoft\windows defender\definition updates\{e07f52da-eeb4-40f9-836e-0e74798b7952}\offreg.dll
2013-06-04 00:41:20--------d-----w-c:\windows\system32\SPReview
2013-06-04 00:39:23--------d-----w-c:\windows\system32\EventProviders
2013-06-03 09:06:16--------d-----w-c:\windows\ELAMBKUP
2013-06-03 09:05:56--------d-----w-c:\programdata\Kaspersky Lab
2013-06-03 09:05:56--------d-----w-c:\program files\Kaspersky Lab
2013-06-03 09:04:4375096----a-w-c:\windows\system32\drivers\klflt.sys
2013-06-03 06:40:28--------d-----w-c:\users\yule\appdata\roaming\Malwarebytes
2013-06-03 06:40:16--------d-----w-c:\programdata\Malwarebytes
2013-06-03 06:40:1422856----a-w-c:\windows\system32\drivers\mbam.sys
2013-06-03 06:40:14--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2013-06-03 05:45:31--------d-----w-c:\users\yule\appdata\local\MFAData
2013-06-03 05:45:31--------d-----w-c:\users\yule\appdata\local\Avg2013
2013-06-03 05:36:492422272----a-w-c:\windows\system32\wucltux.dll
2013-06-03 05:36:1988576----a-w-c:\windows\system32\wudriver.dll
2013-06-03 05:35:5933792----a-w-c:\windows\system32\wuapp.exe
2013-06-03 05:35:59171904----a-w-c:\windows\system32\wuwebv.dll
2013-06-03 05:13:53--------d-----w-c:\users\yule\appdata\roaming\Sammsoft
2013-06-03 05:13:22--------d-----w-c:\program files\ARO 2013
2013-06-03 05:11:55--------d-----w-c:\users\yule\appdata\local\Programs
2013-06-03 00:24:49--------d-----w-c:\program files\Application Updater
2013-06-03 00:24:47--------d-----w-c:\program files\YTD Toolbar
2013-06-03 00:24:47--------d-----w-c:\program files\common files\Spigot
2013-05-14 05:31:106128760----a-w-c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-05-14 05:31:106128760----a-w-c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2013-05-20 00:51:1971048----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-20 00:51:19692104----a-w-c:\windows\system32\FlashPlayerApp.exe
2013-04-21 05:44:06205----a-w-c:\windows\system32\lsprst7.dll
2013-04-04 02:07:091025----a-w-c:\windows\system32\sysprs7.dll
2013-04-02 06:20:0494112----a-w-c:\windows\system32\WindowsAccessBridge.dll
2013-04-02 06:20:01861088----a-w-c:\windows\system32\npdeployJava1.dll
2013-04-02 06:20:01782240----a-w-c:\windows\system32\deployJava1.dll
2013-03-06 05:24:1458712----a-w-c:\windows\system32\klfphc.dll
2013-03-06 05:24:1443608----a-w-c:\windows\system32\drivers\kltdi.sys
2013-03-06 05:24:1425944----a-w-c:\windows\system32\drivers\klmouflt.sys
2013-03-06 05:24:1425944----a-w-c:\windows\system32\drivers\klkbdflt.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
1 ntkrnlpa!IofCallDriver[0x83284458] -> \Device\Harddisk0\DR0[0x866769C8]
3 CLASSPNP[0x89F8959E] -> ntkrnlpa!IofCallDriver[0x83284458] -> \Device\Ide\IdeDeviceP1T0L0-2[0x85883908]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
.
============= FINISH: 10:38:33.75 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 30-Aug-10 3:10:49 AM
System Uptime: 04-Jun-13 8:17:42 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0DT492
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 2000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 167.754 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.714 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01F31028&REV_12\4&3599CE57&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01F31028&REV_12\4&3599CE57&0&0BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01F31028&REV_12\4&3599CE57&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01F31028&REV_12\4&3599CE57&0&0AF0
Service:
.
==== System Restore Points ===================
.
RP151: 04-Jun-13 8:40:49 AM - Windows 7 Service Pack 1
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader X (10.1.7)
Advanced Audio FX Engine
Advanced Video FX Engine
ARO 2013
BioEdit
Color LaserJet 2600n
D3DX10
Dell Driver Download Manager
Dell Webcam Center
Dell Webcam Manager
Facebook Video Calling 1.2.0.287
Flash Player 2.0
Free Mp3 Wma Converter V 1.93
Free WMA to MP3 Converter 1.16
GELSIS v5.0
GeneSnap from SynGene
GeneStudio
Google Chrome
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Java 2 Runtime Environment, SE v1.4.2_09
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 4.7.5 (Basic)
Kaspersky Anti-Virus 2013
Laptop Integrated Webcam Driver (1.04.01.1011)
Macromedia Flash MX
Malwarebytes Anti-Malware version 1.75.0.1300
Maxis Broadband
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modeller 9v8
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
POV-Ray for Windows v3.6.1c
QvodPlayer(快播) v3.5
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sequence Scanner v1.0
SeqVerter
SigmaTel Audio
Skype Click to Call
Skype? 6.3
SPSS 16.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VMD 1.9
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
YTD Toolbar v7.1
YTD Video Downloader 3.9
暴风影音5
美图秀秀 3.1.0
酷我音乐 2012
.
==== Event Viewer Messages From Past Week ========
.
31-May-13 11:50:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
03-Jun-13 11:41:29 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer FCYBER1-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1B290AF0-3F27-444C-B4CE-A486EA3. The master browser is stopping or an election is being forced.
03-Jun-13 1:51:03 PM, Error: Service Control Manager [7034] - The Change Modem Device Service service terminated unexpectedly. It has done this 1 time(s).
03-Jun-13 1:51:02 PM, Error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
03-Jun-13 1:48:03 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1B290AF0-3F27-444C-B4CE-A486EA38BD. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================